Merge branch 'tkrizek/run-tests-with-set-e-9.18' into 'bind-9.18'

[9.18] Run system tests with set -e

See merge request isc-projects/bind9!8103
Tom Krizek 2023-07-17 15:03:26 +00:00
commit da44dff5ef
114 changed files with 3028 additions and 2825 deletions


@ -10,3 +10,9 @@
#
# remove trailing whitespace
644a0b80c8e69ede97a083069c1a1f3c44e1c76e
# arithmetic expansion in system tests
6f07ba6b7d29b2980657156472e6c8d25efed6f4
# arithmetic expansion in system tests
e577b1eca70856b816ffa36199f14078e4b76b58
# subshell notation in system tests
59e5fa42179366049fb31265532d504208f0329f


@ -488,14 +488,14 @@ This is the main test file and the contents depend on the test. The contents
are completely up to the developer, although most test scripts have a form
similar to the following for each sub-test:
1. n=`expr $n + 1`
1. n=$((n + 1))
2. echo_i "prime cache nodata.example ($n)"
3. ret=0
4. $DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n
5. grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
6. grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
7. if [ $ret != 0 ]; then echo_i "failed"; fi
8. status=`expr $status + $ret`
8. status=$((status + ret))
1. Increment the test number "n" (initialized to zero at the start of the
script).


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
@ -21,14 +23,14 @@ t=0
echo_i "testing basic ACL processing"
# key "one" should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# any other key should be fine
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
@ -38,18 +40,18 @@ rndc_reload ns2 10.53.0.2
sleep 5
# prefix 10/8 should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# any other address should work, as long as it sends key "one"
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
@ -61,42 +63,42 @@ rndc_reload ns2 10.53.0.2
sleep 5
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# but only one or the other should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; }
# and other values? right out
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
@ -107,31 +109,31 @@ rndc_reload ns2 10.53.0.2
sleep 5
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
@ -140,31 +142,31 @@ echo_i "testing allow-query-on ACL processing"
copy_setports ns2/named5.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 5
t=`expr $t + 1`
t=$((t + 1))
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
echo_i "testing blackhole ACL processing"
t=`expr $t + 1`
t=$((t + 1))
ret=0
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.8 > dig.out.2.${t}
@10.53.0.2 -b 10.53.0.8 > dig.out.2.${t} && ret=1
grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1
grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.3.${t}
grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
@10.53.0.2 -b 10.53.0.8 > dig.out.4.${t}
@10.53.0.2 -b 10.53.0.8 > dig.out.4.${t} && ret=1
grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
grep "timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
grep ";; no servers could be reached" dig.out.4.${t} > /dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
# AXFR tests against ns3
@ -174,26 +176,26 @@ echo_i "calling addzone example.com on ns3"
$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "calling rndc reconfig"
rndc_reconfig ns3 10.53.0.3
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
# AXFR tests against ns4
@ -203,26 +205,26 @@ echo_i "calling addzone example.com on ns4"
$RNDCCMD 10.53.0.4 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "calling rndc reconfig"
rndc_reconfig ns4 10.53.0.4
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
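Review bot: The failure message for the keyless AXFR check in the `@ -61,42 +63,42 @` hunk still expands `$tt`, which is not set anywhere in the visible lines, so a regression in that denial test would be reported as `test  failed` with no test number. The line is unchanged context that the commit leaves as is; it should read `grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }`. The newly added `set -e` does not catch this kind of typo, and no `set -u` is visible in this section (whether `../conf.sh` enables it cannot be seen from here). Separately, most `$DIG ... axfr` calls in this section have no `||` handler, unlike the blackhole checks that gained `&& ret=1`. If dig can exit non-zero on a refused transfer, `set -e` would abort the script before the following `grep` records the result, which is worth confirming for the "should fail" cases.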


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -20,7 +22,7 @@ status=0
n=0
dotests() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, single zone (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -28,7 +30,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, two zones (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
@ -36,7 +38,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, single zone (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
@ -44,7 +46,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, two zones (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
@ -52,7 +54,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with LP (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -82,7 +84,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -98,7 +100,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID + LP (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -116,7 +118,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, single zone (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -124,7 +126,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, two zones (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
@ -132,7 +134,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, single zone (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
@ -140,7 +142,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, two zones (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
@ -148,7 +150,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with LP (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -178,7 +180,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -194,7 +196,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID + LP (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -212,7 +214,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NS, root zone ($n)"
ret=0
$DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1
@ -222,7 +224,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NS, non-root zone ($n)"
ret=0
$DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -257,7 +259,7 @@ echo_i "testing with 'minimal-responses no;'"
minimal=no
dotests
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any no;' ($n)"
ret=0
$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -270,7 +272,7 @@ echo_i "reconfiguring server: minimal-any yes"
copy_setports ns1/named3.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -278,7 +280,7 @@ grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over TCP ($n)"
ret=0
@ -288,7 +290,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -309,7 +311,7 @@ echo_i "testing with 'minimal-responses no-auth-recursive;'"
minimal=no-auth-recursive
dotests
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing returning TLSA records with MX query ($n)"
ret=0
$DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1
@ -320,7 +322,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing returning TLSA records with SRV query ($n)"
ret=0
$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1
@ -335,7 +337,7 @@ echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing NS handling in ANY responses (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -345,7 +347,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing NS handling in ANY responses (recursive) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1
@ -355,7 +357,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -364,7 +366,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)"
ret=0
$DIG $DIGOPTS -t NS ex @10.53.0.3 > dig.out.$n || ret=1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}"
@ -30,9 +32,9 @@ ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# When LMDB support is compiled in, this tests that migration from
# NZF to NZD occurs during named startup
@ -41,16 +43,16 @@ ret=0
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking that existing NZF file was renamed after migration ($n)"
[ -e ns2/3bf305731dd26307.nzf~ ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "adding new zone ($n)"
@ -62,27 +64,27 @@ _check_adding_new_zone () (
grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_adding_new_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
nextpart ns2/named.run >/dev/null
echo_i "checking addzone errors are logged correctly"
ret=0
$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
wait_for_log_peek 20 "addzone: 'mister' unexpected" ns2/named.run || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
nextpart ns2/named.run >/dev/null
echo_i "checking modzone errors are logged correctly"
ret=0
$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
wait_for_log_peek 20 "modzone: 'mister' unexpected" ns2/named.run || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding a zone that requires quotes ($n)"
ret=0
@ -94,9 +96,9 @@ _check_zone_that_requires_quotes() (
grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_zone_that_requires_quotes || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding a zone with a quote in the name ($n)"
ret=0
@ -107,48 +109,48 @@ _check_zone_with_a_quote() (
grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_zone_with_a_quote || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone with missing file ($n)"
ret=0
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1
$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n
$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n && ret=1
grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb; then
echo_i "verifying no comments in NZF file ($n)"
ret=0
hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
[ $hcount -eq 0 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking rndc showzone with previously added zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
expected='zone "previous.example" { type primary; file "previous.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking zone is present in NZD ($n)"
ret=0
$NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "deleting previously added zone ($n)"
@ -160,9 +162,9 @@ _check_deleting_previously_added_zone() (
! grep '^a.previous.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_previously_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
check_nzd2nzf() (
$NZD2NZF ns2/_default.nzd > nzd2nzf.out.$n &&
@ -173,17 +175,17 @@ if $FEATURETEST --with-lmdb; then
echo_i "checking zone was deleted from NZD ($n)"
retry_quiet 10 check_nzd2nzf || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
if ! $FEATURETEST --with-lmdb; then
echo_i "checking NZF file now has comment ($n)"
ret=0
hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
[ $hcount -eq 1 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "deleting newly added zone added.example ($n)"
@ -195,9 +197,9 @@ _check_deleting_newly_added_zone() (
! grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone with escaped quote ($n)"
ret=0
@ -208,45 +210,45 @@ _check_deleting_newly_added_zone_quote() (
! grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone_quote || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
expected='zone "normal.example" { type primary; file "normal.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)"
ret=0
$RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
expected='zone "finaldot.example." { type primary; file "normal.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)"
ret=0
$RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
expected='zone "." { type redirect; file "redirect.db"; };'
[ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
[ "$(cat rndc.out.ns1.$n)" = "$expected" ] || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)"
ret=0
$RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1
grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc reload with a normally-loaded redirect zone ($n)"
ret=0
@ -254,9 +256,9 @@ sleep 1
cp -f ns1/redirect.db.2 ns1/redirect.db
$RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n
retry_quiet 5 check_zonestatus 1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "delete a normally-loaded zone ($n)"
ret=0
@ -270,9 +272,9 @@ _check_delete_normally_loaded_zone() (
)
retry_quiet 5 _check_delete_normally_loaded_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add primary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inline.example { type primary; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -282,17 +284,17 @@ _check_add_primary_zone_with_inline() (
grep '^a.inline.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_add_primary_zone_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add primary zone with inline signing and missing file ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n && ret=1
grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -302,9 +304,9 @@ _check_add_secondary_with_inline() (
grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_add_secondary_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to delete secondary zone with inline signing ($n)"
ret=0
@ -318,8 +320,8 @@ test ! -f inlinesec.bk.signed ||
grep '^inlinesec.bk.signed$' rndc.out2.test$n > /dev/null || {
echo_i "failed to report inlinesec.bk.signed"; ret=1;
}
n=`expr $n + 1`
status=`expr $status + $ret`
n=$((n + 1))
status=$((status + ret))
echo_i "restoring secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -329,17 +331,17 @@ _check_restoring_secondary_with_inline() (
grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_restoring_secondary_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting secondary zone with automatic zone file removal ($n)"
ret=0
retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1
$RNDCCMD 10.53.0.2 delzone -clean inlinesec.example > /dev/null 2>&1
retry_quiet 10 test ! -f ns2/inlinesec.bk.signed -a ! -f ns2/inlinesec.bk
n=`expr $n + 1`
status=`expr $status + $ret`
n=$((n + 1))
status=$((status + ret))
echo_i "modifying zone configuration ($n)"
ret=0
@ -349,23 +351,23 @@ grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
$RNDCCMD 10.53.0.2 modzone 'mod.example { type primary; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/ns2 /' | cat_i
$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'stub' zone works ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'static-stub' zone works ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'primary redirect' zone works ($n)"
ret=0
@ -378,9 +380,9 @@ _check_add_primary_redirect() (
grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_add_primary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that reloading a added 'primary redirect' zone works ($n)"
ret=0
@ -388,16 +390,16 @@ sleep 1
cp -f ns2/redirect.db.2 ns2/redirect.db
$RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n
retry_quiet 10 check_zonestatus 2 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that retransfer of a added 'primary redirect' zone fails ($n)"
ret=0
$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that deleting a 'primary redirect' zone works ($n)"
ret=0
@ -407,9 +409,9 @@ _check_deleting_primary_redirect() (
grep 'not found' showzone.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_primary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'secondary redirect' zone works ($n)"
ret=0
@ -422,9 +424,9 @@ _check_adding_secondary_redirect() (
grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_adding_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that retransfering a added 'secondary redirect' zone works ($n)"
ret=0
@ -437,9 +439,9 @@ _check_retransfering_secondary_redirect() (
grep "serial: 1" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_retransfering_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that deleting a 'secondary redirect' zone works ($n)"
ret=0
@ -449,41 +451,41 @@ _check_deleting_secondary_redirect() (
grep 'not found' showzone.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that zone type 'hint' is properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that zone type 'forward' is properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that zone type 'delegation-only' is properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'in-view' zones are properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "reconfiguring server with multiple views"
rm -f ns2/named.conf
@ -508,27 +510,27 @@ grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb; then
echo_i "checking new NZF file has comment ($n)"
ret=0
hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l`
hcount=$(grep "^# New zone file for view: external" ns2/external.nzf | wc -l)
[ $hcount -eq 1 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
if $FEATURETEST --with-lmdb; then
echo_i "verifying added.example in external view created an external.nzd DB ($n)"
ret=0
[ -e ns2/external.nzd ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)"
@ -542,9 +544,9 @@ _check_rndc_reload_external_view_config() (
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
)
retry_quiet 10 _check_rndc_reload_external_view_config || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with newly added zone ($n)"
_check_rndc_showzone_newly_added() (
@ -554,12 +556,12 @@ _check_rndc_showzone_newly_added() (
expected='zone "added.example" { type primary; file "added.db"; };'
fi
$RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null &&
[ "`cat rndc.out.ns2.$n`" = "$expected" ]
[ "$(cat rndc.out.ns2.$n)" = "$expected" ]
)
retry_quiet 10 _check_rndc_showzone_newly_added || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone ($n)"
ret=0
@ -570,31 +572,31 @@ _check_deleting_newly_added_zone() (
! grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add zone to internal view ($n)"
ret=0
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1
$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n
$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n && ret=1
grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to delete a policy zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 && ret=1
grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone again to external view ($n)"
ret=0
@ -607,9 +609,9 @@ _check_adding_new_zone_again_external() (
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
)
retry_quiet 10 _check_adding_new_zone_again_external || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "reconfiguring server with multiple views and new-zones-directory"
rm -f ns2/named.conf
@ -621,9 +623,9 @@ ret=0
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone from external ($n)"
ret=0
@ -631,9 +633,9 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone to directory view ($n)"
ret=0
@ -651,9 +653,9 @@ grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking NZD file was created in new-zones-directory ($n)"
@ -665,9 +667,9 @@ fi
$RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
sleep 2
[ -e "$expect" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone from directory ($n)"
ret=0
@ -675,17 +677,17 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "ensure the configuration context is cleaned up correctly ($n)"
ret=0
rndc_reconfig ns2 10.53.0.2
$RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check delzone after reconfig failure ($n)"
ret=0
@ -693,9 +695,9 @@ $RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inline
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reconfig ns3 10.53.0.3
$RNDCCMD 10.53.0.3 delzone inlinesec.example > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb
then
@ -706,9 +708,9 @@ then
$RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
grep test2.baz ns3/_default.nzf > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
_check_version_bind() (
@ -747,8 +749,8 @@ $DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' > dig.out.6.test$n || ret=1
grep "status: NOERROR" dig.out.6.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.6.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -52,6 +52,8 @@
# and querying as necessary.
#
set -e
. ../conf.sh
DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}"
@ -62,17 +64,17 @@ n=0
nextpart ns2/named.run > /dev/null
# Test 1 - default, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 2 - explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named02.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -82,10 +84,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 3 - none, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named03.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -97,9 +99,9 @@ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
nextpart ns2/named.run | grep 'recursion not enabled for view' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
DIGNOEDNS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +noedns -p ${PORT}"
echo_i "test $n: none - query refused (no edns)"
@ -109,10 +111,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null && ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 4 - address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named04.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -122,10 +124,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 5 - address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named05.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -136,10 +138,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 6 - address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named06.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -150,10 +152,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 7 - acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named07.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -163,10 +165,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 8 - acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named08.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -177,11 +179,11 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 9 - acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named09.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -192,10 +194,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 10 - key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named10.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -205,10 +207,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > d
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 11 - key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named11.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -219,10 +221,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 12 - key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named12.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -233,13 +235,13 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# The next set of tests check if allow-query works in a view
n=20
# Test 21 - views default, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named21.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -249,10 +251,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 22 - views explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named22.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -262,10 +264,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 23 - views none, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named23.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -276,10 +278,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 24 - views address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named24.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -289,10 +291,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 25 - views address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named25.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -303,10 +305,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 26 - views address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named26.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -317,10 +319,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 27 - views acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named27.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -330,10 +332,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 28 - views acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named28.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -344,10 +346,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 29 - views acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named29.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -358,10 +360,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 30 - views key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named30.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -371,10 +373,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > d
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 31 - views key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named31.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -385,10 +387,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 32 - views key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named32.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -399,10 +401,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 33 - views over options, views allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named33.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -412,10 +414,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 34 - views over options, views disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named34.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -426,14 +428,14 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Tests for allow-query in the zone statements
n=40
# Test 41 - zone default, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named40.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -443,20 +445,20 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 42 - zone explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone explicit any - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 43 - zone none, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone none - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
@ -464,20 +466,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 44 - zone address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 45 - zone address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
@ -485,10 +487,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 46 - zone address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
@ -496,20 +498,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 47 - zone acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 48 - zone acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
@ -517,10 +519,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 49 - zone acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
@ -528,20 +530,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 50 - zone key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 51 - zone key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
@ -549,10 +551,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 52 - zone key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
@ -560,10 +562,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 53 - zones over options, zones allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named53.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -573,10 +575,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 54 - zones over options, zones disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named54.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -587,10 +589,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 55 - zones over views, zones allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named55.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -600,10 +602,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 56 - zones over views, zones disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named56.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -614,10 +616,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 57 - zones over views, zones disallow, query refused (allow-query-on)
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named57.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -631,10 +633,10 @@ grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 58 - allow-recursion default
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default allow-recursion configuration"
ret=0
nextpart ns3/named.run > /dev/null
@ -645,10 +647,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 59 - allow-query-cache default
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default allow-query-cache configuration"
ret=0
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n
@ -658,10 +660,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 60 - block recursion-on, allow query-cache-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -677,10 +679,10 @@ grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret
grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 61 - inheritance of allow-query-cache-on from allow-recursion-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named3.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -704,10 +706,10 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 62 - inheritance of allow-recursion-on from allow-query-cache-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named4.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -731,7 +733,7 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
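Review bot: With `set -e` now enabled at the top of this script, the first query of test 59 (`$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n`) is the only dig call shown in full in these hunks without a `|| ret=1` guard. A non-zero exit from dig there would end the script immediately instead of being counted in `ret`. Unless `conf.sh` installs a trap, the run would then stop without the "failed" line or the final "exit status" line, so a broken allow-query-cache check would be hard to tell apart from a harness problem. Appending `|| ret=1` to that line keeps it consistent with the other queries in the file. The bare `copy_setports` and `rndc_reload` calls abort the same way under `set -e`; that may be intended, but only parts of the file are visible here, so it is worth confirming.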


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp -p ${PORT}"
@ -18,7 +20,7 @@ DIGOPTS="+tcp -p ${PORT}"
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "wait for zones to finish transferring to ns2 ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
@ -32,13 +34,13 @@ do
sleep 1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#
# If recursion is unrequested or unavailable, then cross-zone CNAME records
# should not be followed. If both requested and available, they should be.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
@ -47,9 +49,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
@ -58,9 +60,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 www.example.com > dig.out.test$n || ret=1
@ -69,9 +71,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 www.example.com > dig.out.test$n || ret=1
@ -80,12 +82,12 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#
# In-zone CNAME records should always be followed regardless of RD and RA.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
@ -94,9 +96,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
@ -105,9 +107,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
@ -116,9 +118,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
@ -127,9 +129,9 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com > dig.out.test$n || ret=1
@ -138,9 +140,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com > dig.out.test$n || ret=1
@ -149,9 +151,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com > dig.out.test$n || ret=1
@ -162,9 +164,9 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com > dig.out.test$n || ret=1
@ -175,16 +177,16 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$
grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
grep 'a\.example\.com.*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that CHAOS addresses are compared correctly ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos > dig.out.test$n
lines=`wc -l < dig.out.test$n`
lines=$(wc -l < dig.out.test$n)
[ ${lines:-0} -eq 2 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
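Review bot: With `set -e` now enabled at the top of this script, the unguarded `$DIG` call in the last sub-test ("check that CHAOS addresses are compared correctly") aborts the whole run on a non-zero exit, before `echo_i "failed"` or the final "exit status" line is printed. Every other query in this section records the failure with `|| ret=1`; doing the same here, `$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos > dig.out.test$n || ret=1`, keeps the failure attributed to its test number. The same unguarded pattern is visible in later sections of this commit, for example the `$RNDCCMD 10.53.0.1 status` and `+short version.bind` commands in the empty-zones script. Those deserve the same treatment unless an abort is the intended outcome there, which the hunks do not show.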


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -320,12 +322,15 @@ then
# try to convert nsec-only.example; this should fail due to
# non-NSEC3 compatible keys
echo_i "preset nsec3param in unsigned zone via nsupdate ($n)"
$NSUPDATE > nsupdate.out 2>&1 <<END
ret=0
$NSUPDATE > nsupdate.out 2>&1 <<END && ret=1
server 10.53.0.3 ${PORT}
zone nsec-only.example.
update add nsec-only.example. 3600 NSEC3PARAM 1 0 10 BEEF
send
END
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
fi
echo_i "checking for nsec3param in unsigned zone ($n)"
@ -1371,8 +1376,8 @@ check_interval () {
if (int(x) > int(interval))
exit (1);
}
END { if (int(x) > int(interval) || int(x) < int(interval-10)) exit(1) }' interval=$2
return $?
END { if (int(x) > int(interval) || int(x) < int(interval-10)) exit(1) }' interval=$2 || return $?
return 0
}
echo_i "checking automatic key reloading interval ($n)"
@ -1584,11 +1589,11 @@ $RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. > signing
for i in 0 1 2 3 4 5 6 7 8 9; do
_ret=1
$DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1
if [ $? -eq 0 ]; then
{ grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1; rc=$?; } || true
if [ $rc -eq 0 ]; then
$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1
if [ $? -ne 0 ]; then
{ grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]; then
_ret=0
break
fi
@ -1607,8 +1612,8 @@ $SETTIME -D now-1h $file > settime.out.test$n || ret=1
for i in 0 1 2 3 4 5 6 7 8 9; do
_ret=1
$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1
grep "Signing " signing.out.3.test$n > /dev/null 2>&1
if [ $? -ne 0 ]; then
{ grep "Signing " signing.out.3.test$n > /dev/null 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]; then
if [ $(grep "Done signing " signing.out.3.test$n | wc -l) -eq 2 ]; then
_ret=0
break
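Review bot: The three `{ grep ...; rc=$?; } || true` constructs in the delzsk.example retry loops are harder to read than testing grep directly, and they leave a global `rc` behind for later code to pick up by accident. Because `set -e` does not apply to an `if` condition, `if grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1; then` and `if ! grep "Signing " signing.out.3.test$n > /dev/null 2>&1; then` give the same result without the temporary. Both loops continue past the end of their hunks, so this is based only on the lines shown.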


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -120,7 +122,7 @@ B.E.F.IP6.ARPA
EMPTY.AS112.ARPA
HOME.ARPA"
n=`expr $n + 1`
n=$((n + 1))
ret=0
count=0
echo_i "Checking expected empty zones were configured ($n)"
@ -130,15 +132,15 @@ do
echo_i "failed (empty zone $zone missing)"
ret=1
}
count=`expr $count + 1`
count=$((count + 1))
done
lines=`grep "automatic empty zone: " ns1/named.run | wc -l`
lines=$(grep "automatic empty zone: " ns1/named.run | wc -l)
test $count -eq $lines -a $count -eq 99 || {
ret=1; echo_i "failed (count mismatch)";
}
if [ $ret != 0 ] ; then status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "Checking that reconfiguring empty zones is silent ($n)"
$RNDCCMD 10.53.0.1 reconfig
ret=0
@ -147,9 +149,9 @@ grep "received control channel command 'reconfig'" ns1/named.run > /dev/null ||
grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
sleep 1
grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "Checking that reloading empty zones is silent ($n)"
rndc_reload ns1 10.53.0.1
ret=0
@ -158,89 +160,89 @@ grep "received control channel command 'reload'" ns1/named.run > /dev/null || re
grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
sleep 1
grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
HOST_NAME=`$FEATURETEST --gethostname`
HOST_NAME=$($FEATURETEST --gethostname)
BIND_VERSION_STRING=$($NAMED -V | head -1)
BIND_VERSION=$($NAMED -V | sed -ne 's/^BIND \([^ ]*\).*/\1/p')
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default version works for rndc ($n)"
$RNDCCMD 10.53.0.1 status > rndc.status.ns1.$n 2>&1
grep -F "version: $BIND_VERSION_STRING" rndc.status.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom version works for rndc ($n)"
$RNDCCMD 10.53.0.3 status > rndc.status.ns3.$n 2>&1
grep -F "version: $BIND_VERSION_STRING (this is a test of version)" rndc.status.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n
grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n
grep "^\"$HOST_NAME\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default server-id is none for query ($n)"
$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n
grep "^\"$HOST_NAME\"$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n
grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n
grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
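Review bot: The version and hostname query checks interpolate `$BIND_VERSION` and `$HOST_NAME` into a regular expression (`grep "^\"$BIND_VERSION\"$"`), so every `.` in the value matches any character and the comparison is looser than it reads. The rndc checks just above already use `grep -F`; for the anchored whole-line cases, `grep -Fx "\"$BIND_VERSION\"" dig.out.ns1.$n` and `grep -Fx "\"$HOST_NAME\"" dig.out.ns1.$n` compare the value literally. The NSID check embeds the hostname inside a longer pattern and would need a different approach.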


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -66,9 +68,9 @@ clear_cache () {
}
in_cache () {
ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'`
ttl=$($DIG $DIGOPTS "$@" | awk '{print $2}')
[ -z "$ttl" ] && {
ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'`
ttl=$($DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}')
[ "$ttl" -ge 3599 ] && return 1
return 0
}
@ -91,39 +93,39 @@ filter_tree () {
' "$file"
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "check correctness of routine cache cleaning ($n)"
$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1
digcomp --lc dig.out.ns2 knowngood.dig.out || status=1
n=`expr $n + 1`
n=$((n + 1))
echo_i "only one tcp socket was used ($n)"
tcpclients=`awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l`
tcpclients=$(awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l)
test $tcpclients -eq 1 || { status=1; echo_i "failed"; }
n=`expr $n + 1`
n=$((n + 1))
echo_i "reset and check that records are correctly cached initially ($n)"
ret=0
load_cache
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l)
[ $nrecords -eq 18 ] || { ret=1; echo_i "found $nrecords records expected 18"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of the full cache ($n)"
ret=0
clear_cache
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l`
nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l)
[ $nrecords -eq 0 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (interior node) ($n)"
ret=0
clear_cache
@ -133,9 +135,9 @@ in_cache txt top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushname top1.flushtest.example
in_cache txt top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (leaf node, under the interior node) ($n)"
ret=0
# leaf node, under the interior node (should still exist)
@ -143,9 +145,9 @@ in_cache txt third2.second1.top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example
in_cache txt third2.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)"
ret=0
# another leaf node, with both positive and negative cache entries
@ -155,16 +157,16 @@ $RNDC $RNDCOPTS flushname third1.second1.top1.flushtest.example
in_cache a third1.second1.top1.flushtest.example && ret=1
in_cache txt third1.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing a nonexistent name ($n)"
ret=0
$RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of namespaces ($n)"
ret=0
clear_cache
@ -189,43 +191,43 @@ in_cache txt second1.top2.flushtest.example && ret=1
in_cache txt second2.top2.flushtest.example && ret=1
in_cache txt second3.top2.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing a nonexistent namespace ($n)"
ret=0
$RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l`
nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l)
[ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the check that flushname of a partial match works ($n)"
ret=0
in_cache txt second2.top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushtree example
in_cache txt second2.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l)
[ $nrecords -eq 1 ] || { ret=1; echo_i "found $nrecords records expected 1"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushtree clears adb correctly ($n)"
ret=0
load_cache
@ -245,23 +247,23 @@ grep 'plain success/timeout' sed.out.$n.b > /dev/null 2>&1 || ret=1
grep 'Unassociated entries' sed.out.$n.b > /dev/null 2>&1 || ret=1
grep 'ns.flushtest.example' sed.out.$n.b > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check expire option returned from primary zone ($n)"
ret=0
$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check expire option returned from secondary zone ($n)"
ret=0
$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
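Review bot: In `in_cache`, the converted `ttl=$($DIG ... | awk '{print $2}')` assignments take their status from `awk`, so `set -e` never sees a failed `$DIG`, and an empty second result reaches `[ "$ttl" -ge 3599 ]` with no operand. That test then errors, the `&&` is skipped and the block returns 0, which the callers below appear to read as "in cache". Making the empty case explicit before the comparison, for example `[ -n "$ttl" ] || return 1`, would stop a failed query from satisfying the `in_cache ... || ret=1` assertions. Which status is correct should be confirmed against the rest of the function, which continues outside the hunk.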


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
@ -24,7 +26,7 @@ wait_for_serial() (
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "waiting for zone transfer to complete ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9
@ -40,16 +42,16 @@ do
sleep 1
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing case preserving responses - no acl ($n)"
ret=0
$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n
grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)"
ret=0
@ -64,27 +66,27 @@ grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1
grep "mail.example" dig.ns2.test$n > /dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "change SOA owner case via update ($n)"
$NSUPDATE << EOF
server 10.53.0.1 ${PORT}
@ -96,27 +98,27 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042408 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check SOA owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#update delete Ns1.DyNaMIC. 300 IN A 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "change A record owner case via update ($n)"
$NSUPDATE << EOF
server 10.53.0.1 ${PORT}
@ -128,22 +130,22 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n postns1.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042409 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check A owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n postns1.good || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
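Review bot: The last sub-test ("check A owner case is transferred to secondary") adds `ret` to `status` without the `test $ret -eq 0 || echo_i "failed"` line that every other sub-test in this section has. A failure there changes the exit status but is never reported against its test number in the log. Adding `test $ret -eq 0 || echo_i "failed"` before `status=$((status + ret))` makes it consistent with the rest.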


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -21,8 +23,7 @@ fail() {
}
runcmd() {
"$@" 1> out.$n 2> err.$n
echo $?
("$@" 1> out.$n 2> err.$n; echo $?) || true
}
testcase() {
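Review bot: The new `runcmd` body depends on a non-obvious `set -e` rule and carries no comment explaining it: the subshell sits on the left of `||`, which is what keeps a failing `"$@"` from aborting before `echo $?` runs. A short comment such as `# left side of || is exempt from set -e, so the command's status is echoed instead of aborting the script` would stop a later cleanup from dropping the `|| true` as redundant. Quoting the redirect targets as `"out.$n"` and `"err.$n"` would also be safer.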


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -23,49 +25,49 @@ sendcmd() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking short DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1
grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking short DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1
grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking long DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1
grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking long DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1
grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1
grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -73,9 +75,9 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon
grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -83,7 +85,7 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon
grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
find_records() {
owner_name="$1"
@ -125,7 +127,7 @@ ensure_no_ds_in_bitmap() {
find_records "$owner_name" "$rr_type" "$file" | awk '{ for (i='"$start_index"'; i<=NF; i++) if ($i == "DS") exit 1 }'
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking secure delegation prepared using CNAME chaining ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -135,9 +137,9 @@ $DIG $DIGOPTS @10.53.0.2 cname.wildcard-secure.example A +norec +dnssec > dig.ou
exactly_one_record_exists_for "delegation.wildcard-secure.example." NS dig.out.2.$n || ret=1
exactly_one_record_exists_for "delegation.wildcard-secure.example." DS dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking secure delegation prepared using wildcard expansion + CNAME chaining ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset, an
@ -152,9 +154,9 @@ exactly_one_record_exists_for "*.wildcard-secure.example." NSEC dig.out.2.$n ||
no_records_exist_for "cname.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
no_records_exist_for "delegation.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -173,9 +175,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -195,9 +197,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -218,7 +220,7 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Relevant NSEC3 hashes:
#
@ -240,7 +242,7 @@ status=`expr $status + $ret`
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3.example.
# SG2DEHEAOGCKP7FTNQAUVC3I3TIPJH0J (salt=-, hash=1, iterations=0)
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -259,9 +261,9 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example."
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -281,9 +283,9 @@ exactly_one_record_exists_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.e
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -304,7 +306,7 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example."
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Relevant NSEC3 hashes:
#
@ -329,7 +331,7 @@ status=`expr $status + $ret`
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3-optout.example.
# V7OTS4791T9SU0HKVL93EVNAJ9JH2CH3 (salt=-, hash=1, iterations=0)
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 with opt-out ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -347,9 +349,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -368,9 +370,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -390,17 +392,17 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname
grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to DNAME from recursive"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -411,9 +413,9 @@ grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -422,9 +424,9 @@ grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -434,9 +436,9 @@ grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-d
grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME loops are detected ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -444,9 +446,9 @@ $DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to external delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -454,9 +456,9 @@ $DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to internal delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -464,27 +466,27 @@ $DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to signed external delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to signed internal delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -523,9 +525,9 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1
grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1
grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that only the initial CNAME is cached ($n)"
ret=0
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
@ -534,12 +536,12 @@ $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
sleep 1
$DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1
ttl=`awk '{print $2}' dig.out.2.$n`
ttl=$(awk '{print $2}' dig.out.2.$n)
[ "$ttl" -eq 86400 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -562,9 +564,9 @@ grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking external CNAME/DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -585,18 +587,18 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking explicit DNAME query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME via ANY query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -604,25 +606,25 @@ $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Regression test for CVE-2021-25215 (authoritative server).
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME resolution via itself (authoritative) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1
grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Regression test for CVE-2021-25215 (recursive resolver).
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME resolution via itself (recursive) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -18,14 +20,14 @@ n=0
mkdir keys
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
$CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
@ -34,9 +36,9 @@ $CHECKCONF -p good.conf.in > checkconf.out$n || ret=1
grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# ensure there is a secret and that it is not the check string.
@ -46,15 +48,15 @@ $CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1
grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
for bad in bad-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects error in $bad ($n)"
ret=0
$CHECKCONF $bad > checkconf.out$n 2>&1
if [ $? -ne 1 ]; then ret=1; fi
{ $CHECKCONF $bad > checkconf.out$n 2>&1; rc=$?; } || true
if [ $rc -ne 1 ]; then ret=1; fi
grep "^$bad:[0-9]*: " < checkconf.out$n > /dev/null || ret=1
case $bad in
bad-update-policy[123].conf)
@ -71,12 +73,12 @@ do
;;
esac
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for good in good-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects no error in $good ($n)"
ret=0
if ! $FEATURETEST --with-libnghttp2
@ -86,79 +88,78 @@ do
good-dot-*.conf) continue;;
esac
fi
$CHECKCONF $good > checkconf.out$n 2>&1
if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
{ $CHECKCONF $good > checkconf.out$n 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]; then echo_i "failed"; ret=1; fi
status=$((status + ret))
done
for lmdb in lmdb-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
ret=0
$FEATURETEST --with-lmdb
if [ $? -eq 0 ]; then
if $FEATURETEST --with-lmdb; then
echo_i "checking that named-checkconf detects no error in $lmdb ($n)"
$CHECKCONF $lmdb > checkconf.out$n 2>&1
if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi
{ $CHECKCONF $lmdb > checkconf.out$n 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]; then echo_i "failed"; ret=1; fi
else
echo_i "checking that named-checkconf detects error in $lmdb ($n)"
$CHECKCONF $lmdb > checkconf.out$n 2>&1
if [ $? -eq 0 ]; then echo_i "failed"; ret=1; fi
{ $CHECKCONF $lmdb > checkconf.out$n 2>&1; rc=$?; } || true
if [ $rc -eq 0 ]; then echo_i "failed"; ret=1; fi
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
grep "no longer exists" ancient.out > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
$CHECKCONF notify.conf > checkconf.out$n 2>&1
warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l`
warnings=$(grep "'notify' is disabled" < checkconf.out$n | wc -l)
[ $warnings -eq 3 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
# dnssec.1: auto-dnssec warning
$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1
$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 && ret=1
grep 'auto-dnssec may only be ' < checkconf.out$n.1 > /dev/null || ret=1
# dnssec.2: should have no warnings (other than deprecation warning)
$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1
$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 || ret=1
grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.2 > /dev/null || ret=1
lines=$(wc -l < "checkconf.out$n.2")
if [ $lines != 1 ]; then ret=1; fi
# dnssec.3: should have specific deprecation warning
$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 && ret=1
grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.3 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf deprecate warnings ($n)"
ret=0
$CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1
@ -174,27 +175,27 @@ grep "option 'root-delegation-only' is deprecated" < checkconf.out$n.1 > /dev/nu
grep "'type delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
grep "token 'port' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# set -i to ignore deprecate warnings
$CHECKCONF -i deprecated.conf > checkconf.out$n.2 2>&1
grep '.*' < checkconf.out$n.2 > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf servestale warnings ($n)"
ret=0
$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1
grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
$CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1
grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "range checking fields that do not allow zero ($n)"
ret=0
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
@ -203,15 +204,15 @@ options {
$field 0;
};
EOF
$CHECKCONF badzero.conf > checkconf.out$n.1 2>&1
[ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; }
{ $CHECKCONF badzero.conf > checkconf.out$n.1 2>&1; rc=$?; } || true
[ $rc -eq 1 ] || { echo_i "options $field failed" ; ret=1; }
cat > badzero.conf << EOF
view dummy {
$field 0;
};
EOF
$CHECKCONF badzero.conf > checkconf.out$n.2 2>&1
[ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; }
{ $CHECKCONF badzero.conf > checkconf.out$n.2 2>&1; rc=$?; } || true
[ $rc -eq 1 ] || { echo_i "view $field failed" ; ret=1; }
cat > badzero.conf << EOF
options {
$field 0;
@ -219,8 +220,8 @@ options {
view dummy {
};
EOF
$CHECKCONF badzero.conf > checkconf.out$n.3 2>&1
[ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; }
{ $CHECKCONF badzero.conf > checkconf.out$n.3 2>&1; rc=$?; } || true
[ $rc -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; }
cat > badzero.conf << EOF
zone dummy {
type secondary;
@ -228,213 +229,213 @@ zone dummy {
$field 0;
};
EOF
$CHECKCONF badzero.conf > checkconf.out$n.4 2>&1
[ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; }
{ $CHECKCONF badzero.conf > checkconf.out$n.4 2>&1; rc=$?; } || true
[ $rc -eq 1 ] || { echo_i "zone $field failed" ; ret=1; }
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking options allowed in inline-signing secondaries ($n)"
ret=0
$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1
l=`grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l`
$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1 && ret=1
l=$(grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l)
[ $l -eq 1 ] || ret=1
$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1
l=`grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l`
$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1 && ret=1
l=$(grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l)
[ $l -eq 1 ] || ret=1
$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1
l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l`
$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1 && ret=1
l=$(grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l)
[ $l -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check file + inline-signing for secondary zones ($n)"
$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1
l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l`
$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1 && ret=1
l=$(grep "missing 'file' entry" < checkconf.out$n.1 | wc -l)
[ $l -eq 0 ] || ret=1
$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1
l=`grep "missing 'file' entry" < checkconf.out$n.2 | wc -l`
$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1 || ret=1
l=$(grep "missing 'file' entry" < checkconf.out$n.2 | wc -l)
[ $l -eq 0 ] || ret=1
$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1
l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l`
$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1 && ret=1
l=$(grep "missing 'file' entry" < checkconf.out$n.3 | wc -l)
[ $l -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf DLZ warnings ($n)"
ret=0
$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1
$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1 && ret=1
grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking for missing key directory warning ($n)"
ret=0
rm -rf test.keydir
$CHECKCONF warn-keydir.conf > checkconf.out$n.1 2>&1
l=`grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l`
l=$(grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l)
[ $l -eq 1 ] || ret=1
touch test.keydir
$CHECKCONF warn-keydir.conf > checkconf.out$n.2 2>&1
l=`grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l`
l=$(grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l)
[ $l -eq 1 ] || ret=1
rm -f test.keydir
mkdir test.keydir
$CHECKCONF warn-keydir.conf > checkconf.out$n.3 2>&1
l=`grep "key-directory" < checkconf.out$n.3 | wc -l`
l=$(grep "key-directory" < checkconf.out$n.3 | wc -l)
[ $l -eq 0 ] || ret=1
rm -rf test.keydir
if [ $ret -ne 0 ]; then echo_i "failed"; fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
$CHECKCONF -z max-ttl.conf > check.out 2>&1 && ret=1
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)"
ret=0
$CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)"
ret=0
$CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with ANY class ($n)"
ret=0
$CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)"
ret=0
$CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with IN class ($n)"
ret=0
$CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)"
ret=0
$CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-names fails as configured ($n)"
ret=0
$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-dup-records fails as configured ($n)"
ret=0
$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1
grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-srv-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1
grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
$CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1
grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -z returns error when a later view is okay ($n)"
ret=0
$CHECKCONF -z check-missing-zone.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
ret=0
$CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1
grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -l prints out the zone list ($n)"
ret=0
$CHECKCONF -l good.conf |
@ -445,66 +446,66 @@ grep -v "no longer exists" |
grep -v "is obsolete" > checkconf.out$n || ret=1
diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "key without the updated" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not generate a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a static root key generates a warning ($n)"
ret=0
$CHECKCONF check-root-static-key.conf > checkconf.out$n 2>/dev/null || ret=1
grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a static root DS trust anchor generates a warning ($n)"
ret=0
$CHECKCONF check-root-static-ds.conf > checkconf.out$n 2>/dev/null || ret=1
grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a trusted-keys entry for root generates a warning ($n)"
ret=0
$CHECKCONF check-root-trusted-key.conf > checkconf.out$n 2>/dev/null || ret=1
grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that using trust-anchors and managed-keys generates an error ($n)"
ret=0
$CHECKCONF check-mixed-keys.conf > checkconf.out$n 2>/dev/null && ret=1
grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp errors ($n)"
ret=0
$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
@ -517,9 +518,9 @@ grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < c
grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp nsec3 iterations errors ($n)"
ret=0
$CHECKCONF kasp-bad-nsec3-iter.conf > checkconf.out$n 2>&1 && ret=1
@ -527,25 +528,25 @@ grep "dnssec-policy: nsec3 iterations value 151 out of range" < checkconf.out$n
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne 3 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp nsec3 algorithm errors ($n)"
ret=0
$CHECKCONF kasp-bad-nsec3-alg.conf > checkconf.out$n 2>&1 && ret=1
grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp key errors ($n)"
ret=0
$CHECKCONF kasp-bad-keylen.conf > checkconf.out$n 2>&1 && ret=1
grep "dnssec-policy: key with algorithm rsasha1 has invalid key length 511" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp signatures refresh errors ($n)"
ret=0
$CHECKCONF kasp-bad-signatures-refresh.conf > checkconf.out$n 2>&1 && ret=1
@ -554,26 +555,26 @@ grep "dnssec-policy: policy 'bad-sigrefresh-dnskey' signatures-refresh must be a
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne 2 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp key lifetime errors ($n)"
ret=0
$CHECKCONF kasp-bad-lifetime.conf > checkconf.out$n 2>&1 && ret=1
lines=$(grep "dnssec-policy: key lifetime is shorter than the time it takes to do a rollover" < checkconf.out$n | wc -l) || ret=1
if [ $lines -ne 3 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp predefined key length ($n)"
ret=0
$CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1 || ret=1
grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp warns about weird policies ($n)"
ret=0
$CHECKCONF kasp-warning.conf > checkconf.out$n 2>&1 || ret=1
@ -585,16 +586,16 @@ grep "dnssec-policy: key lifetime is shorter than 30 days" < checkconf.out$n > /
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne 5 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a good 'kasp' configuration is accepted ($n)"
ret=0
$CHECKCONF good-kasp.conf > checkconf.out$n 2>/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good kasp config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf > good-kasp.conf.in
@ -602,17 +603,17 @@ awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-ka
$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1
cmp good-kasp.conf.in good-kasp.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that max-ixfr-ratio 100% generates a warning ($n)"
ret=0
$CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1
grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that *-source options with specified port generate warnings ($n)"
ret=0
$CHECKCONF warn-transfer-source.conf > checkconf.out$n 2>/dev/null || ret=1
@ -622,39 +623,39 @@ grep "not recommended" < checkconf.out$n > /dev/null || ret=1
$CHECKCONF warn-parental-source.conf > checkconf.out$n 2>/dev/null || ret=1
grep "not recommended" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that using both max-zone-ttl and dnssec-policy generates a warning ($n)"
ret=0
$CHECKCONF warn-kasp-max-zone-ttl.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check obsolete options generate warnings ($n)"
ret=0
$CHECKCONF warn-random-device.conf > checkconf.out$n 2>/dev/null || ret=1
grep "option 'random-device' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that 'check-wildcard no;' succeeds as configured ($n)"
ret=0
$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1
grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that 'check-wildcard yes;' warns as configured ($n)"
ret=0
$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1
grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
rmdir keys


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -31,24 +33,24 @@ $DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1
grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist.
echo_i "check for warnings from on zone load for 'check-names warn;' ($n)"
ret=0
grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should not exist.
echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)"
ret=1
grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response warn;' works ($n)"
@ -58,8 +60,8 @@ $DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n ||
digcomp dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response (owner) fails;' works ($n)"
@ -70,8 +72,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1
grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response (rdata) fails;' works ($n)"
@ -82,8 +84,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1
grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names fail;' are rejected ($n)"
ret=0
@ -99,8 +101,8 @@ $DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)"
ret=0
@ -114,8 +116,8 @@ $DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)"
ret=0
@ -131,8 +133,8 @@ if [ $not != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
ret=0
@ -148,8 +150,8 @@ if [ $not != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A > dig.out.ns4.test$n || ret=1
grep NOERROR dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
@ -175,8 +177,8 @@ ret=0
retry_quiet 35 wait_for_record xxx_xxx.master-ignore.update @10.53.0.4 A dig.out.ns4.test$n || ret=1
grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
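Review bot: The 'check-names ignore;' check in the second hunk is written the opposite way round from its neighbours: it starts from `ret=1` and clears it with `grep '...' ns1/named.run || ret=0`, so any non-zero grep status counts as a pass, including exit 2 for an unreadable log. A match is also printed into the test output because stdout is not redirected. I would write it like the other checks: `ret=0`, then `grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run > /dev/null && ret=1`. If the unreadable-log case matters, put `[ -r ns1/named.run ] || ret=1` in front of it. The script continues outside the hunks shown.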


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0


@ -38,7 +38,7 @@ while getopts "xADM:S:" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $(expr $OPTIND - 1 || true)
if [ "$#" -ne 0 ]; then
echo "$USAGE" 1>&2
exit 1
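Review bot: `shift $(expr $OPTIND - 1 || true)` keeps the `expr` call and the `|| true` that exists only because `expr` exits 1 when its result is 0. The rest of this commit replaces `expr` with arithmetic expansion, and the same works here: `shift $((OPTIND - 1))`. That drops both the subshell and the workaround. The getopts loop starts above the hunk.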


@ -246,8 +246,7 @@ cat_d() {
}
digcomp() {
output=`$PERL $TOP_SRCDIR/bin/tests/system/digcomp.pl "$@"`
result=$?
{ output=`$PERL $TOP_SRCDIR/bin/tests/system/digcomp.pl "$@"`; result=$?; } || true
[ -n "$output" ] && { echo "digcomp failed:"; echo "$output"; } | cat_i
return $result
}
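Review bot: The new `digcomp` line still uses backticks and leaves `$TOP_SRCDIR` unquoted, and the `{ ...; result=$?; } || true` grouping is harder to read than it needs to be. The same effect under `set -e` is `result=0` followed by `output=$($PERL "$TOP_SRCDIR/bin/tests/system/digcomp.pl" "$@") || result=$?`. A one-line comment such as `# capture the exit status without tripping set -e` would tell the next reader why the status is collected this way.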


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -37,139 +39,139 @@ havetc() {
for bad in bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects error in $bad ($n)"
ret=0
$CHECKCONF $bad > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for good in good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects accepts $good ($n)"
ret=0
$CHECKCONF $good > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE token is returned to empty COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE is not returned when answer-cookie is false ($n)"
ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size without COOKIE ($n)"
ret=0
$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size without valid COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size with COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l
cookie=`getcookie dig.out.test$n.l`
cookie=$(getcookie dig.out.test$n.l)
$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size with COOKIE recursive ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE is learnt for TCP retry ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 3 ]; then ret=1; fi
checkfull=`getcookie dig.out.test$n | fullcookie`
checkfull=$(getcookie dig.out.test$n | fullcookie)
if [ $checkfull != 1 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking for COOKIE value in adb ($n)"
ret=0
rndc_dumpdb ns1
grep "10.53.0.2.*\[cookie=" ns1/named_dump.db.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie default (no) ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n
grep BADCOOKIE dig.out.test$n > /dev/null && ret=1
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie yes ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n
grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking +qr +showbadcookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
@ -177,16 +179,16 @@ noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l)
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $noerror != 3 ]; then ret=1; fi
if [ $badcookie != 1 ]; then ret=1; fi
if [ $server != 3 ]; then ret=1; fi
if [ $good != 2 ]; then ret=1; fi
if [ $linecount != 4 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking +showbadcookie ($n)"
ret=0
$DIG $DIGOPTS +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
@ -194,49 +196,49 @@ noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l)
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $noerror != 1 ]; then ret=1; fi
if [ $badcookie != 1 ]; then ret=1; fi
if [ $server != 2 ]; then ret=1; fi
if [ $good != 2 ]; then ret=1; fi
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie yes with rate-limit ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send undersized cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send oversized for named cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send oversized for named cookie with server requiring a good cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
#
# Test shared cookie-secret support.
@ -255,90 +257,90 @@ status=`expr $status + $ret`
# Force local address so that the client's address is the same to all servers.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS4 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns4cookie=`getcookie dig.out.test$n`
ns4cookie=$(getcookie dig.out.test$n)
test -n "$ns4cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS5 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns5cookie=`getcookie dig.out.test$n`
ns5cookie=$(getcookie dig.out.test$n)
test -n "$ns5cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS6 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns6cookie=`getcookie dig.out.test$n`
ns6cookie=$(getcookie dig.out.test$n)
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS4 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS5 cookie on NS4 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS6 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
@ -401,9 +403,9 @@ grep 'A.10\.53\.0\.10' dig.out.test$n.8 > /dev/null && ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.8 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that spoofed response is dropped when we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
@ -421,9 +423,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that gracefully handle server disabling DNS COOKIE we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
@ -441,9 +443,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that spoofed response with a TSIG is dropped when we have a server cookie ($n)"
ret=0
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
@ -462,7 +464,7 @@ nextpart ns1/named.run > named.run.test$n
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $PYTHON -c '
import dns.version, sys;
@ -470,7 +472,7 @@ if dns.version.MAJOR > 1: sys.exit(0);
if dns.version.MAJOR == 1 and dns.version.MINOR >= 16: sys.exit(0);
sys.exit(1)'
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that TSIG test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
@ -520,9 +522,9 @@ then
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that missing COOKIE with a valid TSIG signed response does not trigger TCP fallback ($n)"
ret=0
pat='10\.53\.0\.10 .*\[cookie=................................\] \[ttl'
@ -541,7 +543,7 @@ then
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "exit status: $status"
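Review bot: `count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)` exits the script under the new `set -e` whenever nothing matches, because `grep -c` prints 0 but returns status 1 and the assignment takes that status. It appears twice, in the spoofed-TSIG test and in the TSIG fallback test. The `test $count -eq 1 || ret=1` that follows is then never reached, so on the visible lines the run would stop without printing "failed" or the final "exit status" line. `count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n || true)` keeps the count and lets the comparison report the failure. The `$(grep ... | wc -l)` assignments in this file are not affected, since the pipeline's status is that of `wc`.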


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -27,9 +29,9 @@ echo_i "checking pre reload zone ($n)"
ret=0
$DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "hostmaster\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
copy_setports ns1/named2.conf.in ns1/named.conf
$RNDCCMD reload 2>&1 >/dev/null
@ -43,12 +45,12 @@ do
ret=0
$DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "marka\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
try=`expr $try + 1`
try=$((try + 1))
test $ret -eq 0 && break
done
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
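Review bot: `$RNDCCMD reload 2>&1 >/dev/null` redirects in an order that discards only stdout and leaves stderr on the script's output; if the aim is to silence the command it should read `>/dev/null 2>&1`. With `set -e` now enabled the line is also unguarded, so a failed reload stops the script before the retry loop that follows. If stopping there is intended, a short comment saying so would help; otherwise `|| echo_i "rndc reload failed"` lets the loop run and report the failure.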


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -30,7 +32,7 @@ do
$DIG $DIGOPTS example. @10.53.0.2 soa > dig.out.ns2.test || ret=1
if grep SERVFAIL dig.out.ns2.test > /dev/null
then
try=`expr $try + 1`
try=$((try + 1))
sleep 1
else
digcomp dig.out.ns1.test dig.out.ns2.test || ret=1
@ -39,7 +41,7 @@ do
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that second zone transfer worked"
ret=0
@ -49,7 +51,7 @@ do
$DIG $DIGOPTS example. @10.53.0.3 soa > dig.out.ns3.test || ret=1
if grep SERVFAIL dig.out.ns3.test > /dev/null
then
try=`expr $try + 1`
try=$((try + 1))
sleep 1
else
digcomp dig.out.ns1.test dig.out.ns3.test || ret=1
@ -58,7 +60,7 @@ do
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,11 +11,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
set -e
status=0
n=0
@ -42,14 +42,13 @@ check_ttl_range() {
case "$pos" in
"3")
awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
{ awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file; result=$?; } || true
;;
*)
awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
{ awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file; result=$?; } || true
;;
esac
result=$?
[ $result -eq 0 ] || echo_i "ttl check failed"
return $result
}
@ -799,7 +798,7 @@ if [ -x "$DIG" ] ; then
echo "no_response no_response" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -809,7 +808,7 @@ if [ -x "$DIG" ] ; then
echo "partial_axfr partial_axfr" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -819,7 +818,7 @@ if [ -x "$DIG" ] ; then
echo "no_response partial_axfr" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -829,7 +828,7 @@ if [ -x "$DIG" ] ; then
echo "partial_axfr no_response" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -839,7 +838,7 @@ if [ -x "$DIG" ] ; then
echo "no_response complete_axfr" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 || ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -849,7 +848,7 @@ if [ -x "$DIG" ] ; then
echo "partial_axfr complete_axfr" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 || ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -859,7 +858,7 @@ if [ -x "$DIG" ] ; then
echo "no_response no_response" | sendcmd 10.53.0.5
dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -868,7 +867,7 @@ if [ -x "$DIG" ] ; then
ret=0
dig_with_opts @10.53.0.5 example AXFR +retry=0 > dig.out.test$n 2>&1 && ret=1
# Sanity check: ensure ans5 behaves as expected.
[ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
[ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -946,8 +945,8 @@ if [ -x "$DIG" ] ; then
echo_i "check that dig +bufsize restores default bufsize ($n)"
ret=0
dig_with_opts @10.53.0.3 a.example +bufsize=0 +bufsize +qr > dig.out.test$n 2>&1 || ret=1
lines=`grep "EDNS:.* udp:" dig.out.test$n | wc -l`
lines1232=`grep "EDNS:.* udp: 1232" dig.out.test$n | wc -l`
lines=$(grep "EDNS:.* udp:" dig.out.test$n | wc -l)
lines1232=$(grep "EDNS:.* udp: 1232" dig.out.test$n | wc -l)
test $lines -eq 2 || ret=1
test $lines1232 -eq 2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -20,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie"
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "${1} (${n})"
ret=0
}
@ -45,8 +47,8 @@ EOF
return 1
}
out=`$DIG $DIGOPTS -t $type -q $host | grep -E "^$host"`
lines=`echo "$out" | grep "$digout" | wc -l`
out=$($DIG $DIGOPTS -t $type -q $host | grep -E "^$host")
lines=$(echo "$out" | grep "$digout" | wc -l)
[ $lines -eq 1 ] || {
[ "$should_fail" ] || \
echo_i "dig output incorrect for $host $type $cmd: $out"
@ -56,22 +58,22 @@ EOF
}
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing nxrrset"
$DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.$n > /dev/null || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing prerequisites are checked correctly"
cat > ns1/update.txt << EOF
@ -81,17 +83,17 @@ update add testdc3.example.nil 86500 in a 10.53.0.12
send
EOF
$NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 && ret=1
out=`$DIG $DIGOPTS +short a testdc3.example.nil`
out=$($DIG $DIGOPTS +short a testdc3.example.nil)
[ "$out" = "10.53.0.12" ] && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing passing client info into DLZ driver"
out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'`
addr=`eval echo "$out" | cut -f1 -d'#'`
out=$($DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;')
addr=$(eval echo "$out" | cut -f1 -d'#')
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing DLZ driver is cleaned up on reload"
rndc_reload ns1 10.53.0.1
@ -102,21 +104,21 @@ for i in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing multiple DLZ drivers"
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n
lines=`cat dig.out.example.ns1.test$n | wc -l`
lines=$(cat dig.out.example.ns1.test$n | wc -l)
[ ${lines:-0} -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
lines=`cat dig.out.alternate.ns1.test$n | wc -l`
lines=$(cat dig.out.alternate.ns1.test$n | wc -l)
[ ${lines:-0} -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR denied from DLZ drivers"
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n
@ -124,7 +126,7 @@ grep "; Transfer failed" dig.out.example.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
grep "; Transfer failed" dig.out.alternate.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR denied based on view ACL"
# 10.53.0.1 should be disallowed
@ -134,63 +136,63 @@ grep "; Transfer failed" dig.out.example.ns1.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > dig.out.example.ns1.test$n.2
grep "; Transfer failed" dig.out.example.ns1.test$n.2 > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l)
[ $lines -eq 1 ] || ret=1
lines=`grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l)
[ $lines -eq 1 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ $lines -eq 1 ] || ret=1
lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ $lines -eq 1 ] || ret=1
$DIG $DIGOPTS -b 10.53.0.2 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should find several logged lookups this time
lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ $lines -gt 2 ] || ret=1
lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l`
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ $lines -gt 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing zone returning oversized data"
$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking redirected lookup for nonexistent name"
$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
@ -198,24 +200,24 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking no redirected lookup for nonexistent type"
$DIG $DIGOPTS @10.53.0.1 exists aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking redirected lookup for a long nonexistent name"
$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "^long.name.*A.*100.100.100.3" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l`
lookups=$(grep "lookup #.*\.not\.there" ns1/named.run | wc -l)
[ "$lookups" -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking ECS data is passed to driver in clientinfo"
$DIG $DIGOPTS +short +subnet=192.0/16 source-addr.example.nil txt > dig.out.ns1.test$n.1 || ret=1
@ -223,7 +225,7 @@ grep "192.0.0.0/16/0" dig.out.ns1.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS +short source-addr.example.nil txt > dig.out.ns1.test$n.2 || ret=1
grep "not.*present" dig.out.ns1.test$n.2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
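Review bot: The line `addr=$(eval echo "$out" | cut -f1 -d'#')` in the "testing passing client info into DLZ driver" test still passes the text of a DNS TXT answer through `eval`, so anything shell-significant in that answer would be interpreted by the test script; the commit only swaps the backticks for `$( )`. The `eval` appears to exist only to drop the quotes that dig prints around TXT data, which can be done without re-parsing the data as shell: `addr=$(printf '%s\n' "$out" | tr -d '"' | cut -f1 -d'#')`. Separately, now that the script runs under `set -e`, the assignment `out=$(... | grep -v '^;')` just above it aborts the script when grep selects nothing, before `echo_i "failed"` is reached; appending `|| ret=1` to that assignment would keep the failure reported.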



@ -11,11 +11,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
set -e
status=0
n=1
@ -83,8 +83,7 @@ israw0 () {
< "$1" $PERL -e 'binmode STDIN;
read(STDIN, $input, 8);
($style, $version) = unpack("NN", $input);
exit 1 if ($style != 2 || $version != 0);'
return $?
exit 1 if ($style != 2 || $version != 0);' || return $?
}
# check that a zone file is raw format, version 1
@ -93,8 +92,7 @@ israw1 () {
< "$1" $PERL -e 'binmode STDIN;
read(STDIN, $input, 8);
($style, $version) = unpack("NN", $input);
exit 1 if ($style != 2 || $version != 1);'
return $?
exit 1 if ($style != 2 || $version != 1);' || return $?
}
# strip NS and RRSIG NS from input
@ -113,8 +111,7 @@ check_secroots_layout () {
/Start view/ { if (!empty) exit(1) }
/Secure roots:/ { if (empty) exit(1) }
/Negative trust anchors:/ { if (!empty) exit(1) }
{ empty=0 }' $1
return $?
{ empty=0 }' $1 || return $?
}
# Check that for a query against a validating resolver where the
@ -2428,8 +2425,8 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null
then
echo_i "running DNSSEC update test"
ret=0
output=$($PERL dnssec_update_test.pl -s 10.53.0.3 -p "$PORT" dynamic.example.)
test "$?" -eq 0 || ret=1
{ output=$($PERL dnssec_update_test.pl -s 10.53.0.3 -p "$PORT" dynamic.example.); rc=$?; } || true
test "$rc" -eq 0 || ret=1
echo "$output" | cat_i
[ $ret -eq 1 ] && status=1
else
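Review bot: In `check_secroots_layout` the rewritten last line leaves the file argument unquoted, `{ empty=0 }' $1 || return $?`, while `israw0` and `israw1` in the same section read from `"$1"`. Quoting it, `{ empty=0 }' "$1" || return $?`, keeps a path containing spaces or glob characters from being split or expanded before awk sees it. The bodies of these functions start outside the visible hunks, so this is judged from their closing lines only.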


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+short -p ${PORT}"
@ -29,7 +31,7 @@ dnstap_data_ready() {
min_size_expected=$3
kill -HUP $fstrm_capture_pid
file_size=`wc -c < "$capture_file" | tr -d ' '`
file_size=$(wc -c < "$capture_file" | tr -d ' ')
if [ $file_size -lt $min_size_expected ]; then
return 1
fi
@ -40,18 +42,18 @@ for bad in bad-*.conf
do
ret=0
echo_i "checking that named-checkconf detects error in $bad"
$CHECKCONF $bad > /dev/null 2>&1
if [ $? != 1 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
{ $CHECKCONF $bad > /dev/null 2>&1; rc=$?; } || true
if [ $rc != 1 ]; then echo_i "failed"; ret=1; fi
status=$((status + ret))
done
for good in good-*.conf
do
ret=0
echo_i "checking that named-checkconf detects no error in $good"
$CHECKCONF $good > /dev/null 2>&1
if [ $? != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
{ $CHECKCONF $good > /dev/null 2>&1; rc=$?; } || true
if [ $rc != 0 ]; then echo_i "failed"; ret=1; fi
status=$((status + ret))
done
echo_i "wait for servers to finish loading"
@ -61,7 +63,7 @@ wait_for_log 20 "all zones loaded" ns2/named.run || ret=1
wait_for_log 20 "all zones loaded" ns3/named.run || ret=1
wait_for_log 20 "all zones loaded" ns4/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# both the 'a.example/A' lookup and the './NS' lookup to ns1
# need to complete before reopening/rolling for the counts to
@ -109,39 +111,39 @@ sleep 1
echo_i "checking initial message counts"
udp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l`
tcp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l`
aq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "AQ " | wc -l`
ar1=`$DNSTAPREAD ns1/dnstap.out.save | grep "AR " | wc -l`
cq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "CQ " | wc -l`
cr1=`$DNSTAPREAD ns1/dnstap.out.save | grep "CR " | wc -l`
rq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "RQ " | wc -l`
rr1=`$DNSTAPREAD ns1/dnstap.out.save | grep "RR " | wc -l`
uq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UQ " | wc -l`
ur1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UR " | wc -l`
udp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l)
tcp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l)
aq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AQ " | wc -l)
ar1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AR " | wc -l)
cq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CQ " | wc -l)
cr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CR " | wc -l)
rq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RQ " | wc -l)
rr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RR " | wc -l)
uq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UQ " | wc -l)
ur1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UR " | wc -l)
udp2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UDP " | wc -l`
tcp2=`$DNSTAPREAD ns2/dnstap.out.save | grep "TCP " | wc -l`
aq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "AQ " | wc -l`
ar2=`$DNSTAPREAD ns2/dnstap.out.save | grep "AR " | wc -l`
cq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "CQ " | wc -l`
cr2=`$DNSTAPREAD ns2/dnstap.out.save | grep "CR " | wc -l`
rq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "RQ " | wc -l`
rr2=`$DNSTAPREAD ns2/dnstap.out.save | grep "RR " | wc -l`
uq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UQ " | wc -l`
ur2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UR " | wc -l`
udp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UDP " | wc -l)
tcp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "TCP " | wc -l)
aq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AQ " | wc -l)
ar2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AR " | wc -l)
cq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CQ " | wc -l)
cr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CR " | wc -l)
rq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RQ " | wc -l)
rr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RR " | wc -l)
uq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UQ " | wc -l)
ur2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UR " | wc -l)
mv ns3/dnstap.out.0 ns3/dnstap.out.save
udp3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UDP " | wc -l`
tcp3=`$DNSTAPREAD ns3/dnstap.out.save | grep "TCP " | wc -l`
aq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "AQ " | wc -l`
ar3=`$DNSTAPREAD ns3/dnstap.out.save | grep "AR " | wc -l`
cq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "CQ " | wc -l`
cr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l`
rq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l`
rr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l`
uq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UQ " | wc -l`
ur3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UR " | wc -l`
udp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UDP " | wc -l)
tcp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "TCP " | wc -l)
aq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AQ " | wc -l)
ar3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AR " | wc -l)
cq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CQ " | wc -l)
cr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l)
rq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l)
rr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l)
uq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UQ " | wc -l)
ur3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UR " | wc -l)
echo_i "checking UDP message counts"
ret=0
@ -158,7 +160,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -175,7 +177,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -192,7 +194,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -209,7 +211,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -226,7 +228,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -243,7 +245,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -260,7 +262,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -277,7 +279,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_QUERY message counts"
ret=0
@ -294,7 +296,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -311,42 +313,42 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking reopened message counts"
udp1=`$DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l`
tcp1=`$DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l`
aq1=`$DNSTAPREAD ns1/dnstap.out | grep "AQ " | wc -l`
ar1=`$DNSTAPREAD ns1/dnstap.out | grep "AR " | wc -l`
cq1=`$DNSTAPREAD ns1/dnstap.out | grep "CQ " | wc -l`
cr1=`$DNSTAPREAD ns1/dnstap.out | grep "CR " | wc -l`
rq1=`$DNSTAPREAD ns1/dnstap.out | grep "RQ " | wc -l`
rr1=`$DNSTAPREAD ns1/dnstap.out | grep "RR " | wc -l`
uq1=`$DNSTAPREAD ns1/dnstap.out | grep "UQ " | wc -l`
ur1=`$DNSTAPREAD ns1/dnstap.out | grep "UR " | wc -l`
udp1=$($DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l)
tcp1=$($DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l)
aq1=$($DNSTAPREAD ns1/dnstap.out | grep "AQ " | wc -l)
ar1=$($DNSTAPREAD ns1/dnstap.out | grep "AR " | wc -l)
cq1=$($DNSTAPREAD ns1/dnstap.out | grep "CQ " | wc -l)
cr1=$($DNSTAPREAD ns1/dnstap.out | grep "CR " | wc -l)
rq1=$($DNSTAPREAD ns1/dnstap.out | grep "RQ " | wc -l)
rr1=$($DNSTAPREAD ns1/dnstap.out | grep "RR " | wc -l)
uq1=$($DNSTAPREAD ns1/dnstap.out | grep "UQ " | wc -l)
ur1=$($DNSTAPREAD ns1/dnstap.out | grep "UR " | wc -l)
udp2=`$DNSTAPREAD ns2/dnstap.out | grep "UDP " | wc -l`
tcp2=`$DNSTAPREAD ns2/dnstap.out | grep "TCP " | wc -l`
aq2=`$DNSTAPREAD ns2/dnstap.out | grep "AQ " | wc -l`
ar2=`$DNSTAPREAD ns2/dnstap.out | grep "AR " | wc -l`
cq2=`$DNSTAPREAD ns2/dnstap.out | grep "CQ " | wc -l`
cr2=`$DNSTAPREAD ns2/dnstap.out | grep "CR " | wc -l`
rq2=`$DNSTAPREAD ns2/dnstap.out | grep "RQ " | wc -l`
rr2=`$DNSTAPREAD ns2/dnstap.out | grep "RR " | wc -l`
uq2=`$DNSTAPREAD ns2/dnstap.out | grep "UQ " | wc -l`
ur2=`$DNSTAPREAD ns2/dnstap.out | grep "UR " | wc -l`
udp2=$($DNSTAPREAD ns2/dnstap.out | grep "UDP " | wc -l)
tcp2=$($DNSTAPREAD ns2/dnstap.out | grep "TCP " | wc -l)
aq2=$($DNSTAPREAD ns2/dnstap.out | grep "AQ " | wc -l)
ar2=$($DNSTAPREAD ns2/dnstap.out | grep "AR " | wc -l)
cq2=$($DNSTAPREAD ns2/dnstap.out | grep "CQ " | wc -l)
cr2=$($DNSTAPREAD ns2/dnstap.out | grep "CR " | wc -l)
rq2=$($DNSTAPREAD ns2/dnstap.out | grep "RQ " | wc -l)
rr2=$($DNSTAPREAD ns2/dnstap.out | grep "RR " | wc -l)
uq2=$($DNSTAPREAD ns2/dnstap.out | grep "UQ " | wc -l)
ur2=$($DNSTAPREAD ns2/dnstap.out | grep "UR " | wc -l)
udp3=`$DNSTAPREAD ns3/dnstap.out | grep "UDP " | wc -l`
tcp3=`$DNSTAPREAD ns3/dnstap.out | grep "TCP " | wc -l`
aq3=`$DNSTAPREAD ns3/dnstap.out | grep "AQ " | wc -l`
ar3=`$DNSTAPREAD ns3/dnstap.out | grep "AR " | wc -l`
cq3=`$DNSTAPREAD ns3/dnstap.out | grep "CQ " | wc -l`
cr3=`$DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l`
rq3=`$DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l`
rr3=`$DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l`
uq3=`$DNSTAPREAD ns3/dnstap.out | grep "UQ " | wc -l`
ur3=`$DNSTAPREAD ns3/dnstap.out | grep "UR " | wc -l`
udp3=$($DNSTAPREAD ns3/dnstap.out | grep "UDP " | wc -l)
tcp3=$($DNSTAPREAD ns3/dnstap.out | grep "TCP " | wc -l)
aq3=$($DNSTAPREAD ns3/dnstap.out | grep "AQ " | wc -l)
ar3=$($DNSTAPREAD ns3/dnstap.out | grep "AR " | wc -l)
cq3=$($DNSTAPREAD ns3/dnstap.out | grep "CQ " | wc -l)
cr3=$($DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l)
rq3=$($DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l)
rr3=$($DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l)
uq3=$($DNSTAPREAD ns3/dnstap.out | grep "UQ " | wc -l)
ur3=$($DNSTAPREAD ns3/dnstap.out | grep "UR " | wc -l)
echo_i "checking UDP message counts"
ret=0
@ -363,7 +365,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -380,7 +382,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -397,7 +399,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -414,7 +416,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -431,7 +433,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -448,7 +450,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -465,7 +467,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -482,7 +484,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_QUERY message counts"
ret=0
@ -499,7 +501,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -516,13 +518,13 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking whether destination UDP port is logged for client queries"
ret=0
$DNSTAPREAD ns3/dnstap.out.save | grep -Eq "CQ [0-9:.]+ -> 10.53.0.3:${PORT} UDP" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
HAS_PYYAML=0
if [ -x "$PYTHON" ] ; then
@ -536,23 +538,23 @@ if [ $HAS_PYYAML -ne 0 ] ; then
$PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1
} | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking dnstap-read hex output"
ret=0
hex=`$DNSTAPREAD -x ns3/dnstap.out | tail -1`
hex=$($DNSTAPREAD -x ns3/dnstap.out | tail -1)
echo $hex | $WIRETEST > dnstap.hex
grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1
grep 'ANSWER: 3, AUTHORITY: 1' dnstap.hex > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if [ -n "$FSTRM_CAPTURE" ] ; then
$DIG $DIGOPTS @10.53.0.4 a.example > dig.out
# send an UPDATE to ns4
$NSUPDATE <<- EOF > nsupdate.out 2>&1
$NSUPDATE <<- EOF > nsupdate.out 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone example
update add b.example 3600 in a 10.10.10.10
@ -570,16 +572,16 @@ EOF
status=$((status + ret))
kill $fstrm_capture_pid
wait
udp4=`$DNSTAPREAD dnstap.out | grep "UDP " | wc -l`
tcp4=`$DNSTAPREAD dnstap.out | grep "TCP " | wc -l`
aq4=`$DNSTAPREAD dnstap.out | grep "AQ " | wc -l`
ar4=`$DNSTAPREAD dnstap.out | grep "AR " | wc -l`
cq4=`$DNSTAPREAD dnstap.out | grep "CQ " | wc -l`
cr4=`$DNSTAPREAD dnstap.out | grep "CR " | wc -l`
rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l`
rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l`
uq4=`$DNSTAPREAD dnstap.out | grep "UQ " | wc -l`
ur4=`$DNSTAPREAD dnstap.out | grep "UR " | wc -l`
udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l)
tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l)
aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l)
ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l)
cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l)
cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l)
rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l)
rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l)
uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l)
ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l)
echo_i "checking UDP message counts"
ret=0
@ -588,7 +590,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -597,7 +599,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -606,7 +608,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -615,7 +617,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -624,7 +626,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -633,7 +635,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -642,7 +644,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -658,7 +660,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -667,7 +669,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
mv dnstap.out dnstap.out.save
@ -688,16 +690,16 @@ EOF
status=$((status + ret))
kill $fstrm_capture_pid
wait
udp4=`$DNSTAPREAD dnstap.out | grep "UDP " | wc -l`
tcp4=`$DNSTAPREAD dnstap.out | grep "TCP " | wc -l`
aq4=`$DNSTAPREAD dnstap.out | grep "AQ " | wc -l`
ar4=`$DNSTAPREAD dnstap.out | grep "AR " | wc -l`
cq4=`$DNSTAPREAD dnstap.out | grep "CQ " | wc -l`
cr4=`$DNSTAPREAD dnstap.out | grep "CR " | wc -l`
rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l`
rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l`
uq4=`$DNSTAPREAD dnstap.out | grep "UQ " | wc -l`
ur4=`$DNSTAPREAD dnstap.out | grep "UR " | wc -l`
udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l)
tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l)
aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l)
ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l)
cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l)
cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l)
rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l)
rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l)
uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l)
ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l)
echo_i "checking UDP message counts"
ret=0
@ -706,7 +708,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -715,7 +717,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -724,7 +726,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -733,7 +735,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -742,7 +744,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -751,7 +753,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -760,7 +762,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -776,7 +778,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -785,17 +787,17 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking large packet printing"
ret=0
# Expect one occurrence of "opcode: QUERY" below "reponse_message_data" and
# another one below "response_message".
lines=`$DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY"`
lines=$($DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY")
[ $lines -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
_test_dnstap_roll() (
ip="$1"
@ -804,7 +806,7 @@ _test_dnstap_roll() (
$RNDCCMD -s "${ip}" dnstap -roll "${n}" | sed "s/^/${ns} /" | cat_i &&
files=$(find "$ns" -name "dnstap.out.[0-9]" | wc -l) &&
test "$files" -eq "${n}" && test "$files" -ge "1"
test "$files" -eq "${n}" && test "$files" -ge "1" || return 1
)
@ -816,7 +818,7 @@ test_dnstap_roll() {
while test $try -lt 12
do
touch "$3/dnstap.out.$try"
try=`expr $try + 1`
try=$((try + 1))
done
_repeat 10 _test_dnstap_roll $2 $3 $4 || ret=1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck disable=SC1091
. ../conf.sh
@ -330,7 +332,7 @@ n=$((n + 1))
echo_i "checking DoH query when ALPN is expected to fail (dot, failure expected) ($n)"
ret=0
# shellcheck disable=SC2086
"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n
"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n && ret=1
grep "ALPN for HTTP/2 failed." dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -388,7 +390,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST, undefined endpoint, failure expected) ($n)"
ret=0
dig_with_https_opts +tries=1 +time=1 +https=/fake @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tries=1 +time=1 +https=/fake @10.53.0.1 . SOA > dig.out.test$n && ret=1
grep "communications error" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -396,7 +398,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (POST, undefined endpoint, failure expected) ($n)"
ret=0
dig_with_https_opts -6 +tries=1 +time=1 +https=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts -6 +tries=1 +time=1 +https=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n && ret=1
grep "communications error" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -462,7 +464,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (GET, undefined endpoint, failure expected) ($n)"
ret=0
dig_with_https_opts +tries=1 +time=1 +https-get=/fake @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tries=1 +time=1 +https-get=/fake @10.53.0.1 . SOA > dig.out.test$n && ret=1
grep "communications error" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -470,7 +472,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (GET, undefined endpoint, failure expected) ($n)"
ret=0
dig_with_https_opts -6 +tries=1 +time=1 +https-get=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts -6 +tries=1 +time=1 +https-get=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n && ret=1
grep "communications error" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -756,7 +758,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (client certificate required, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tls-ca="$ca_file" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n && ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -843,8 +845,7 @@ n=$((n + 1))
echo_i "checking server quotas for both encrypted and unencrypted HTTP ($n)"
ret=0
if [ -x "$PYTHON" ]; then
BINDHOST="10.53.0.1" "$PYTHON" "$TOP_SRCDIR/bin/tests/system/doth/stress_http_quota.py"
ret=$?
BINDHOST="10.53.0.1" "$PYTHON" "$TOP_SRCDIR/bin/tests/system/doth/stress_http_quota.py" || ret=$?
else
echo_i "Python is not available. Skipping the test..."
fi
@ -853,7 +854,7 @@ status=$((status + ret))
# check whether we can use curl for sending test queries.
if [ -x "${CURL}" ] ; then
CURL_HTTP2="$(${CURL} --version | grep -E '^Features:.* HTTP2( |$)')"
CURL_HTTP2="$(${CURL} --version | grep -E '^Features:.* HTTP2( |$)' || true)"
if [ -n "$CURL_HTTP2" ]; then
testcurl=1
@ -869,7 +870,7 @@ if [ -n "$testcurl" ]; then
echo_i "checking max-age for positive answer ($n)"
ret=0
# use curl to query for 'example/SOA'
$CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAYAAQ" > /dev/null 2>&1
$CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAYAAQ" > /dev/null 2>&1 || ret=1
grep "cache-control: max-age=86400" headers.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -878,7 +879,7 @@ if [ -n "$testcurl" ]; then
echo_i "checking max-age for negative answer ($n)"
ret=0
# use curl to query for 'fake.example/TXT'
$CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAABGZha2UHZXhhbXBsZQAAEAAB" > /dev/null 2>&1
$CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAABGZha2UHZXhhbXBsZQAAEAAB" > /dev/null 2>&1 || ret=1
grep "cache-control: max-age=3600" headers.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
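Review bot: The "client certificate required, failure expected" check accepts any failure, because after this change it only requires that dig exit non-zero and that `status: NOERROR` be absent from dig.out.test$n. An unreachable listener or a wrong `${EXTRAPORT6}` would satisfy both conditions, so the test can pass without the server ever having rejected a client that presented no certificate. The neighbouring negative tests pin the cause with `grep "communications error" dig.out.test$n > /dev/null || ret=1` or the ALPN message; a similar positive grep for the diagnostic dig prints on a refused handshake (exact text to be taken from a real run) would turn this into an actual access-control assertion.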


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -27,7 +29,7 @@ $DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1
grep "status: NOERROR" dig.out.good > /dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Check the bad. domain
@ -36,7 +38,7 @@ ret=0
$DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1
grep "SERVFAIL" dig.out.bad > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that validation with no supported digest algorithms results in insecure"
ret=0
@ -47,7 +49,7 @@ $DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1
grep "NOERROR" dig.out.insecure > /dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -23,18 +23,18 @@ timetodnssec() {
}
KEYDIR=keys/signing.test
KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone`
KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone)
ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
ZSK0=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK1=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK2=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK3=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK4=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK5=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK6=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK7=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK8=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK9=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
# clear all times on all keys
for FILEN in keys/signing.test/*.key
@ -42,8 +42,8 @@ do
$SETTIME -P none -A none -R none -I none -D none $FILEN
done
BASE=`date +%s`
BASET=`timetodnssec $BASE`
BASE=$(date +%s)
BASET=$(timetodnssec $BASE)
# reset the publish and activation time on the KSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
@ -52,25 +52,25 @@ $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
# schedule the first roll
R1=`expr $BASE + 50`
R1T=`timetodnssec $R1`
R1=$((BASE + 50))
R1T=$(timetodnssec $R1)
$SETTIME -I $R1T $KEYDIR/$ZSK0
$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
# schedule the second roll (which includes the delete of the first key)
R2=`expr $R1 + 50`
R2T=`timetodnssec $R2`
R2=$((R1 + 50))
R2T=$(timetodnssec $R2)
DT=$R2
DTT=`timetodnssec $DT`
DTT=$(timetodnssec $DT)
$SETTIME -D $DTT $KEYDIR/$ZSK0
$SETTIME -I $R2T $KEYDIR/$ZSK1
$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
# schedule the third roll
R3=`expr $R2 + 25`
R3T=`timetodnssec $R3`
R3=$((R2 + 25))
R3T=$(timetodnssec $R3)
$SETTIME -D $R3T $KEYDIR/$ZSK1
$SETTIME -I $R3T $KEYDIR/$ZSK2
@ -91,8 +91,8 @@ exit
# this isn't long enough for the signing to complete and would result in
# duplicate signatures, see
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
R4=`expr $R3 + 10`
R4T=`timetodnssec $R4`
R4=$((R3 + 10))
R4T=$(timetodnssec $R4)
$SETTIME -D $R4T $KEYDIR/$ZSK2
$SETTIME -I $R4T $KEYDIR/$ZSK3
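Review bot: The key names captured by `KSK=$($KEYGEN ...)` and the `ZSK0`..`ZSK9` assignments are used unchecked in the later `$SETTIME ... $KEYDIR/$KSK` calls, and no hunk shown for this file adds `set -e` (the lines before 23 are not visible, so it may already be present). If key generation fails, the variable is empty and `$SETTIME` is pointed at the bare `$KEYDIR/` path, which fails far from the cause. Either confirm the script runs with `set -e`, or guard the assignments, e.g. `KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone) || exit 1`. The later section that sets `keyname=$(cat keygen.out)` has the same gap: the `| cat_i` pipeline hides a keygen failure, and `keyfile_to_static_ds $keyname` then runs with an empty name.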


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -45,7 +47,7 @@ retry_quiet 60 _wait_for_last_nsec_signed
retry_quiet 10 fully_signed || status=1
if [ $status != 0 ]; then echo_i "failed"; fi
start=`date +%s`
start=$(date +%s)
now=$start
end=$((start + 140))
@ -55,14 +57,14 @@ while [ $now -lt $end ] && [ $status -eq 0 ]; do
$JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i
$DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et
awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i
lines=`awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l`
lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l)
if [ ${et} -ne 0 -a ${lines} -ne 1008 ]
then
echo_i "failed"
status=$((status + 1))
fi
sleep 5
now=`date +%s`
now=$(date +%s)
done
echo_i "exit status: $status"
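Review bot: `set -e` does not cover the journal check inside the loop: in `$JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i` only the exit status of `cat_i` is seen, so a failure of `$JOURNALPRINT` or of check_journal.pl goes unnoticed. If check_journal.pl reports problems through its exit status (not visible here), writing its output to a scratch file and testing the status would at least expose the checker's result, e.g. `... | $PERL check_journal.pl > OUTFILE || status=1` followed by `cat_i < OUTFILE`, where OUTFILE is a placeholder name. The loop body starts above the hunk.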


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -20,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT}"
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "${1} (${n})"
ret=0
}
@ -44,9 +46,9 @@ EOF
return 1
}
out=`$DIG $DIGOPTS +noall +answer -t $type -q $host`
out=$($DIG $DIGOPTS +noall +answer -t $type -q $host)
echo $out > added.a.out.$n
lines=`echo "$out" | grep "$ip" | wc -l`
lines=$(echo "$out" | grep "$ip" | wc -l)
[ $lines -eq 1 ] || {
[ "$should_fail" ] || \
echo_i "dig output incorrect for $host $type $cmd: $out"
@ -55,9 +57,9 @@ EOF
for i in 1 2 3 4 5 6 7 8 9 10
do
out=`$DIG $DIGOPTS +noall +answer -x $ip`
out=$($DIG $DIGOPTS +noall +answer -x $ip)
echo $out > added.ptr.out.$n
lines=`echo "$out" | grep "$host" | wc -l`
lines=$(echo "$out" | grep "$host" | wc -l)
[ $lines -eq 1 ] && break;
$PERL -e 'select(undef, undef, undef, 0.1);'
done
@ -74,7 +76,7 @@ test_del() {
host="$1"
type="$2"
ip=`$DIG $DIGOPTS +short $host $type`
ip=$($DIG $DIGOPTS +short $host $type)
cat <<EOF > ns1/update.txt
server 10.53.0.1 ${PORT}
@ -89,9 +91,9 @@ EOF
return 1
}
out=`$DIG $DIGOPTS +noall +answer -t $type -q $host`
out=$($DIG $DIGOPTS +noall +answer -t $type -q $host)
echo $out > deleted.a.out.$n
lines=`echo "$out" | grep "$ip" | wc -l`
lines=$(echo "$out" | grep "$ip" | wc -l)
[ $lines -eq 0 ] || {
[ "$should_fail" ] || \
echo_i "dig output incorrect for $host $type $cmd: $out"
@ -100,9 +102,9 @@ EOF
for i in 1 2 3 4 5 6 7 8 9 10
do
out=`$DIG $DIGOPTS +noall +answer -x $ip`
out=$($DIG $DIGOPTS +noall +answer -x $ip)
echo $out > deleted.ptr.out.$n
lines=`echo "$out" | grep "$host" | wc -l`
lines=$(echo "$out" | grep "$host" | wc -l)
[ $lines -eq 0 ] && break
$PERL -e 'select(undef, undef, undef, 0.1);'
done
@ -116,49 +118,49 @@ EOF
}
test_add test1.ipv4.example.nil. A "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test2.ipv4.example.nil. A "10.53.0.11" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test3.ipv4.example.nil. A "10.53.0.12" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test4.ipv6.example.nil. AAAA "2001:db8::1" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test1.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test2.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test3.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test4.ipv6.example.nil. AAAA || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking parameter logging"
grep "loading params for dyndb 'sample' from .*named.conf:" ns1/named.run > /dev/null || ret=1
grep "loading params for dyndb 'sample2' from .*named.conf:" ns1/named.run > /dev/null || ret=1
[ $ret -eq 1 ] && echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking dyndb still works after reload"
rndc_reload ns1 10.53.0.1
test_add test5.ipv4.example.nil. A "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test6.ipv6.example.nil. AAAA "2001:db8::1" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test5.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test6.ipv6.example.nil. AAAA || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
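Review bot: The `set -e` added at the top has no effect inside `test_add` and `test_del`, because every call has the form `test_add ... || ret=1` and the shell ignores errexit for everything executed on the left of `||`. A failing `$DIG` in `ip=$($DIG $DIGOPTS +short $host $type)` therefore leaves `ip` empty, and the following `grep "$ip"` matches every line instead of stopping the test. The assignments that must succeed need their own guard, e.g. `ip=$($DIG $DIGOPTS +short $host $type) || return 1`. Both function bodies start and end outside the hunks shown.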


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+norec -p ${PORT}"
@ -19,31 +21,31 @@ status=0
n=0
zone=.
n=`expr $n + 1`
n=$((n + 1))
echo_i "check +edns=100 sets version 100 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n
grep "EDNS: version: 100," dig.out$n > /dev/null || { ret=1; reason="version"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0 reason=
echo_i "check +ednsopt=100 adds option 100 ($n)"
$DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n
grep "; OPT=100" dig.out$n > /dev/null || { ret=1; reason="option"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check +ednsflags=0x80 sets flags to 0x0080 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n
grep "MBZ: 0x0080," dig.out$n > /dev/null || { ret=1; reason="flags"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n
@ -51,9 +53,9 @@ grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n
@ -62,9 +64,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version + option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n
@ -73,8 +75,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed: $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS flag ($n)"
ret=0 reason=
@ -84,9 +86,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
grep ".IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version + flag ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n
@ -95,8 +97,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "DiG's EDNS negotiation ($n)"
ret=0 reason=
@ -105,8 +107,8 @@ grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
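Review bot: None of the `$DIG $DIGOPTS @10.53.0.1 ... > dig.out$n` lines in this file carries a guard, so with `set -e` a non-zero exit from dig ends the script before `echo_i "failed $reason"` or the final "exit status" line can run. Other files in this commit keep the per-test accounting with `|| ret=1` on the dig call; the equivalent here would be `$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n || { ret=1; reason="dig"; }`. If aborting on the first dig error is intended, a one-line comment after `set -e` saying so would spare the next reader the question.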


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -19,7 +21,7 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that switching to automatic empty zones works ($n)"
ret=0
rndc_reload ns1 10.53.0.1
@ -30,15 +32,15 @@ sleep 5
$DIG $DIGOPTS +vc version.bind txt ch @10.53.0.1 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that allow-transfer { none; } works ($n)"
ret=0
$DIG $DIGOPTS axfr 10.in-addr.arpa @10.53.0.1 +all > dig.out.test$n || ret=1
grep "status: REFUSED" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGCMD="$DIG @10.53.0.3 -p ${PORT} +tcp +tries=1 +time=1"
@ -38,8 +40,8 @@ burst() {
}
stat() {
clients=`rndccmd ${1} status | grep "recursive clients" |
sed 's;.*: \([^/][^/]*\)/.*;\1;'`
clients=$(rndccmd ${1} status | grep "recursive clients" |
sed 's;.*: \([^/][^/]*\)/.*;\1;')
echo_i "clients: $clients"
[ "$clients" = "" ] && return 1
[ "$clients" -ge $2 ] || return 1
@ -82,7 +84,7 @@ n=$((n + 1))
echo_i "dumping ADB data ($n)"
ret=0
rndccmd 10.53.0.3 dumpdb -adb
info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'`
info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/')
echo_i $info
set -- $info
quota=$4
@ -99,9 +101,9 @@ for try in 1 2 3 4 5; do
[ -f ns3/named.stats ] && break
sleep 1
done
sspill=`grep 'spilled due to server' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/'`
sspill=$(grep 'spilled due to server' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/')
[ -z "$sspill" ] && sspill=0
fails=`grep 'queries resulted in SERVFAIL' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'`
fails=$(grep 'queries resulted in SERVFAIL' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/')
[ -z "$fails" ] && fails=0
[ "$fails" -ge "$sspill" ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -124,7 +126,7 @@ n=$((n + 1))
echo_i "dumping ADB data ($n)"
ret=0
rndccmd 10.53.0.3 dumpdb -adb
info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'`
info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/')
echo_i $info
set -- $info
[ ${4:-${quota}} -lt $quota ] || ret=1
@ -148,7 +150,7 @@ n=$((n + 1))
echo_i "dumping ADB data ($n)"
ret=0
rndccmd 10.53.0.3 dumpdb -adb
info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'`
info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/')
echo_i $info
set -- $info
[ ${4:-${quota}} -gt $quota ] || ret=1
@ -190,9 +192,9 @@ for try in 1 2 3 4 5; do
[ -f ns3/named.stats ] && break
sleep 1
done
zspill=`grep 'spilled due to zone' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/'`
zspill=$(grep 'spilled due to zone' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/')
[ -z "$zspill" ] && zspill=0
drops=`grep 'queries dropped' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'`
drops=$(grep 'queries dropped' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/')
[ -z "$drops" ] && drops=0
[ "$drops" -ge "$zspill" ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -234,7 +236,7 @@ rm -f ns3/named.stats
touch ns3/named.stats
rndccmd 10.53.0.3 stats
wait_for_log 5 "queries dropped due to recursive client limit" ns3/named.stats || ret=1
drops=`grep 'queries dropped due to recursive client limit' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'`
drops=$(grep 'queries dropped due to recursive client limit' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/')
[ "${drops:-0}" -ne 0 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -262,7 +264,7 @@ for try in 1 2 3 4 5; do
[ -f ns5/named.stats ] && break
sleep 1
done
zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'`
zspill=$(grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/')
[ -z "$zspill" ] && zspill=0
# ns5 configuration:
# clients-per-query 5
@ -305,7 +307,7 @@ for try in 1 2 3 4 5; do
[ -f ns5/named.stats ] && break
sleep 1
done
zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'`
zspill=$(grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/')
[ -z "$zspill" ] && zspill=0
# ns5 configuration:
# clients-per-query 5


@ -22,7 +22,7 @@ outfile=signed.db.signed
$KEYGEN -a $DEFAULT_ALGORITHM $zone 2>&1 > /dev/null | cat_i
$KEYGEN -f KSK -a $DEFAULT_ALGORITHM $zone 2>&1 > keygen.out | cat_i
keyname=`cat keygen.out`
keyname=$(cat keygen.out)
rm -f keygen.out
keyfile_to_static_ds $keyname > trusted.conf

File diff suppressed because it is too large Load diff


@ -11,34 +11,36 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
echo_i "test name too long"
$PERL formerr.pl -a 10.53.0.1 -p ${PORT} nametoolong > nametoolong.out
ans=`grep got: nametoolong.out`
ans=$(grep got: nametoolong.out)
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
echo_i "two questions"
$PERL formerr.pl -a 10.53.0.1 -p ${PORT} twoquestions > twoquestions.out
ans=`grep got: twoquestions.out`
ans=$(grep got: twoquestions.out)
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
# this would be NOERROR if it included a COOKIE option,
# but is a FORMERR without one.
echo_i "empty question section (and no COOKIE option)"
$PERL formerr.pl -a 10.53.0.1 -p ${PORT} noquestions > noquestions.out
ans=`grep got: noquestions.out`
ans=$(grep got: noquestions.out)
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
echo_i "exit status: $status"
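Review bot: With `set -e` now active, `ans=$(grep got: nametoolong.out)` terminates the script when grep finds no `got:` line, since the assignment takes the substitution's exit status; the `if [ "${ans}" != ... ]` branch that prints "failed" and the remaining sub-tests never run. The same applies to the `twoquestions.out` and `noquestions.out` assignments. This commit already applies the fix elsewhere on the page (`CURL_HTTP2="$(... || true)"` and the `grep -c ... || true` counts), so here it would be `ans=$(grep got: nametoolong.out || true)`. The earlier `lines=$($DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY")` line has the same exposure when the count is zero.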


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
#shellcheck source=conf.sh
. ../conf.sh
@ -210,9 +212,9 @@ received_pattern="received packet from 10\.53\.0\.1"
start_pattern="sending packet to 10\.53\.0\.1"
retry_quiet 5 wait_for_log ns7/named.run "$received_pattern" || ret=1
check_sent 1 ns7/named.run "$start_pattern" ";\.[[:space:]]*IN[[:space:]]*NS$" || ret=1
sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run)
sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run || true)
[ "$sent" -eq 0 ] || ret=1
sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run)
sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run || true)
[ "$sent" -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -24,53 +26,53 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
for conf in conf/good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by code using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by code using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country code test"
fi
@ -81,35 +83,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database with nested ACLs using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database with nested ACLs using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country nested ACL test"
fi
@ -120,35 +122,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by name using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by name using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country name test"
fi
@ -159,37 +161,37 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by continent code using IPv4 ($n)"
ret=0
lret=0
# deliberately skipping 4 and 6 as they have duplicate continents
for i in 1 2 3 5 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by continent code using IPv6 ($n)"
ret=0
lret=0
# deliberately skipping 4 and 6 as they have duplicate continents
for i in 1 2 3 5 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 continent code test"
fi
@ -200,77 +202,77 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by region code using IPv4 ($n)"
ret=0
lret=0
# skipping 2 on purpose here; it has the same region code as 1
for i in 1 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by region code using IPv6 ($n)"
ret=0
lret=0
# skipping 2 on purpose here; it has the same region code as 1
for i in 1 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 region code test"
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "reloading server"
copy_setports ns2/named6.conf.in ns2/named.conf
$CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by city name using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by city name using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 city test"
fi
@ -281,35 +283,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ISP database using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ISP database using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ISP test"
fi
@ -320,35 +322,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database by org name using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database by org name using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -359,35 +361,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking GeoIP6 ASN database, ASNNNN only, using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database, ASNNNN only, using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -398,35 +400,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking GeoIP6 ASN database, NNNN only, using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database, NNNN only, using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -437,35 +439,35 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Domain database using IPv4 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Domain database using IPv6 ($n)"
ret=0
lret=0
for i in 1 2 3 4 5 6 7; do
$DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
[ "$i" = "$j" ] || lret=1
[ $lret -eq 1 ] && break
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 Domain test"
fi
@ -476,13 +478,13 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking geoip blackhole ACL ($n)"
ret=0
$DIG $DIGOPTS txt example -b 10.53.0.7 > dig.out.ns2.test$n || ret=1
$RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
#


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
# Set known locale for the tests
@ -102,12 +104,12 @@ idna_test() {
echo_i "$description ($n)"
ret=0
$DIGCMD $2 $3 > dig.out.$n 2>&1
if [ $? -ne 0 ]; then
{ $DIGCMD $2 $3 > dig.out.$n 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]; then
echo_i "failed: dig command returned non-zero status"
ret=1
else
actual=`qname dig.out.$n`
actual=$(qname dig.out.$n)
if [ "$4" != "$actual" ]; then
echo_i "failed: expected answer $4, actual result $actual"
ret=1
@ -131,8 +133,8 @@ idna_fail() {
echo_i "$description ($n)"
ret=0
$DIGCMD $2 $3 > dig.out.$n 2>&1
if [ $? -eq 0 ]; then
{ $DIGCMD $2 $3 > dig.out.$n 2>&1; rc=$?; } || true
if [ $rc -eq 0 ]; then
echo_i "failed: dig command unexpectedly succeeded"
ret=1
fi
@ -382,8 +384,7 @@ idna_disabled_test() {
# Main test begins here
$FEATURETEST --with-libidn2
if [ $? -eq 0 ]; then
if $FEATURETEST --with-libidn2; then
idna_enabled_test
else
idna_disabled_test
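Review bot: The status capture added in idna_test and idna_fail, `{ $DIGCMD $2 $3 > dig.out.$n 2>&1; rc=$?; } || true`, works only because errexit is suppressed inside a group that is the left operand of `||`. That is easy to break in a later edit, since dropping the `|| true` would make a failing dig abort the whole script under the new `set -e`. The conventional form states the intent directly: `rc=0; $DIGCMD $2 $3 > dig.out.$n 2>&1 || rc=$?`. If the brace group stays, a comment such as `# keep going under set -e; rc holds dig's exit status` would help the next reader. Both function bodies start and end outside the hunks shown, so whether `rc` is reused elsewhere cannot be checked from here.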


@ -13,6 +13,7 @@
# Test of include statement with glob expression.
set -e
. ../conf.sh
@ -22,42 +23,42 @@ status=0
n=0
# Test 1 - check if zone1 was loaded.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking glob include of zone1 config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone1.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^zone1.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 2 - check if zone2 was loaded.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking glob include of zone2 config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone2.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^zone2.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 3 - check if standard file path (no magic chars) works.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking include of standard file path config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 mars.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^mars.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 4: named-checkconf correctly parses glob includes.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf with glob include ($n)"
ret=0
(cd ns2; $CHECKCONF named.conf) || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
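Review bot: In Test 4, `(cd ns2; $CHECKCONF named.conf) || ret=1` does not get the protection that the newly added `set -e` suggests. The subshell is the left operand of `||`, so errexit is ignored inside it and a failed `cd ns2` would still let `$CHECKCONF` run in the current directory. Chaining the two commands makes the dependency explicit: `(cd ns2 && $CHECKCONF named.conf) || ret=1`. The line is unchanged context in this commit, so this is a follow-up suggestion rather than a regression.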


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +dnssec -p ${PORT}"
@ -32,16 +34,19 @@ wait_for_serial() (
status=0
n=0
ret=0
$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 || ret=1
for i in 1 2 3 4 5 6 7 8 9 0
do
nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param nsec3.)
nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param nsec3.) || ret=1
test "$nsec3param" = "1 0 0 -" && break
sleep 1
done
if [ $ret != 0 ]; then echo_i "pre-condition failed, test aborted"; exit 1; fi
n=$((n + 1))
echo_i "checking that an unsupported algorithm is not used for signing ($n)"
ret=0
@ -63,7 +68,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10
do
ret=0
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1
keys=$(grep '^Done signing' signing.out.test$n | wc -l)
[ $keys = 2 ] || ret=1
if [ $ret = 0 ]; then break; fi
@ -75,7 +80,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking expired signatures are updated on load ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n || ret=1
expiry=$(awk '$4 == "RRSIG" { print $9 }' dig.out.ns3.test$n)
[ "$expiry" = "20110101000000" ] && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -84,7 +89,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking removal of private type record via 'rndc signing -clear' ($n)"
ret=0
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1
keys=$(sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n)
for key in $keys; do
$RNDCCMD 10.53.0.3 signing -clear ${key} bits > /dev/null || ret=1
@ -94,7 +99,7 @@ done 2>&1 |sed 's/^/ns3 /' | cat_i
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1
num=$(grep "Done signing with" signing.out.test$n | wc -l)
[ $num = 1 ] && break
sleep 1
@ -107,7 +112,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking private type was properly signed ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n
$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n || ret=1
grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1
grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1
@ -122,7 +127,7 @@ $RNDCCMD 10.53.0.3 signing -clear all bits > /dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1
grep "No signing records found" signing.out.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
sleep 1
@ -136,7 +141,7 @@ n=$((n + 1))
echo_i "checking negative private type response was properly signed ($n)"
ret=0
sleep 1
$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n
$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n || ret=1
grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns6.test$n > /dev/null || ret=1
grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1
@ -144,17 +149,18 @@ grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking that the record is added on the hidden primary ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone bits
server 10.53.0.2 ${PORT}
update add added.bits 0 A 1.2.3.4
send
EOF
n=$((n + 1))
echo_i "checking that the record is added on the hidden primary ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 added.bits A > dig.out.ns2.test$n
$DIG $DIGOPTS @10.53.0.2 added.bits A > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -166,7 +172,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 added.bits A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 added.bits A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret = 0 ]; then break; fi
@ -175,17 +181,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone bits
server 10.53.0.2 ${PORT}
update add bits 0 SOA ns2.bits. . 2011072400 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
grep "2011072400" dig.out.ns2.test$n > /dev/null || ret=1
@ -197,7 +204,7 @@ echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1
@ -213,7 +220,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10
do
ret=0
$RNDCCMD 10.53.0.3 signing -list noixfr > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list noixfr > signing.out.test$n 2>&1 || ret=1
keys=$(grep '^Done signing' signing.out.test$n | wc -l)
[ $keys = 2 ] || ret=1
if [ $ret = 0 ]; then break; fi
@ -222,17 +229,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking that the record is added on the hidden primary, noixfr ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone noixfr
server 10.53.0.4 ${PORT}
update add added.noixfr 0 A 1.2.3.4
send
EOF
n=$((n + 1))
echo_i "checking that the record is added on the hidden primary, noixfr ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.4 added.noixfr A > dig.out.ns4.test$n
$DIG $DIGOPTS @10.53.0.4 added.noixfr A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -244,7 +252,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 added.noixfr A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 added.noixfr A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret = 0 ]; then break; fi
@ -253,17 +261,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary, noixfr ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone noixfr
server 10.53.0.4 ${PORT}
update add noixfr 0 SOA ns4.noixfr. . 2011072400 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary, noixfr ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1
grep "2011072400" dig.out.ns4.test$n > /dev/null || ret=1
@ -275,7 +284,7 @@ echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1
@ -291,7 +300,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1
keys=$(grep '^Done signing' signing.out.test$n | wc -l)
[ $keys = 2 ] || ret=1
if [ $ret = 0 ]; then break; fi
@ -303,7 +312,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking removal of private type record via 'rndc signing -clear' (primary) ($n)"
ret=0
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1
keys=$(sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n)
for key in $keys; do
$RNDCCMD 10.53.0.3 signing -clear ${key} primary > /dev/null || ret=1
@ -313,7 +322,7 @@ done 2>&1 |sed 's/^/ns3 /' | cat_i
for i in 1 2 3 4 5 6 7 8 9
do
ans=0
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1
num=$(grep "Done signing with" signing.out.test$n | wc -l)
[ $num = 1 ] && break
sleep 1
@ -326,7 +335,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking private type was properly signed (primary) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 primary TYPE65534 > dig.out.ns6.test$n
$DIG $DIGOPTS @10.53.0.6 primary TYPE65534 > dig.out.ns6.test$n || ret=1
grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1
grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1
@ -340,7 +349,7 @@ $RNDCCMD 10.53.0.3 signing -clear all primary > /dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1
grep "No signing records found" signing.out.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
sleep 1
@ -358,7 +367,7 @@ rndc_reload ns3 10.53.0.3 primary
for i in 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns3.test$n || ret=1
grep "10.0.0.5" dig.out.ns3.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
@ -374,7 +383,7 @@ ret=0
echo "c A 10.0.0.3" >> ns3/primary.db
rndc_reload ns3 10.53.0.3
sleep 1
$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n || ret=1
grep "NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -387,7 +396,7 @@ $RNDCCMD 10.53.0.3 reload primary 2>&1 | sed 's/^/ns3 /' | cat_i
for i in 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n || ret=1
grep "10.0.0.3" dig.out.ns3.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
@ -400,7 +409,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check the added record was properly signed ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns6.test$n
$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns6.test$n || ret=1
grep "10.0.0.5" dig.out.ns6.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ans=1
grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ans=1
@ -413,7 +422,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$RNDCCMD 10.53.0.3 signing -list dynamic > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list dynamic > signing.out.test$n 2>&1 || ret=1
keys=$(grep '^Done signing' signing.out.test$n | wc -l)
[ $keys = 2 ] || ret=1
if [ $ret = 0 ]; then break; fi
@ -425,19 +434,19 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking primary zone that was updated while offline is correct ($n)"
ret=0
$DIG $DIGOPTS +nodnssec +short @10.53.0.3 updated SOA >dig.out.ns2.soa.test$n
$DIG $DIGOPTS +nodnssec +short @10.53.0.3 updated SOA >dig.out.ns2.soa.test$n || ret=1
serial=$(awk '{print $3}' dig.out.ns2.soa.test$n)
# serial should have changed
[ "$serial" = "2000042407" ] && ret=1
# e.updated should exist and should be signed
$DIG $DIGOPTS @10.53.0.3 e.updated A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 e.updated A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
# updated.db.signed.jnl should exist, should have the source serial
# of primary2.db, and should show a minimal diff: no more than 8 added
# records (SOA/RRSIG, 2 x NSEC/RRSIG, A/RRSIG), and 4 removed records
# (SOA/RRSIG, NSEC/RRSIG).
$JOURNALPRINT ns3/updated.db.signed.jnl >journalprint.out.test$n
$JOURNALPRINT ns3/updated.db.signed.jnl >journalprint.out.test$n || ret=1
serial=$(awk '/Source serial =/ {print $4}' journalprint.out.test$n)
[ "$serial" = "2000042408" ] || ret=1
diffsize=$(wc -l < journalprint.out.test$n)
@ -451,7 +460,7 @@ ret=0
[ -f ns3/dynamic.db.jnl ] && { ret=1 ; echo_i "journal exists (pretest)" ; }
$NSUPDATE << EOF
$NSUPDATE << EOF || ret=1
zone dynamic
server 10.53.0.3 ${PORT}
update add e.dynamic 0 A 1.2.3.4
@ -463,7 +472,7 @@ EOF
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$DIG $DIGOPTS @10.53.0.3 e.dynamic > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 e.dynamic > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
grep "1.2.3.4" dig.out.ns3.test$n > /dev/null || ans=1
@ -489,17 +498,18 @@ start_server --noclean --restart --port ${PORT} ns3 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone bits
server 10.53.0.2 ${PORT}
update add bits 0 SOA ns2.bits. . 2011072450 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
grep "2011072450" dig.out.ns2.test$n > /dev/null || ret=1
@ -511,7 +521,7 @@ echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1
@ -521,17 +531,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary, noixfr ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone noixfr
server 10.53.0.4 ${PORT}
update add noixfr 0 SOA ns4.noixfr. . 2011072450 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary, noixfr ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1
grep "2011072450" dig.out.ns4.test$n > /dev/null || ret=1
@ -543,7 +554,7 @@ echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1
@ -553,17 +564,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking forwarded update on hidden primary ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone bits
server 10.53.0.3 ${PORT}
update add bits 0 SOA ns2.bits. . 2011072460 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking forwarded update on hidden primary ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n
$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
grep "2011072460" dig.out.ns2.test$n > /dev/null || ret=1
@ -575,7 +587,7 @@ echo_i "checking forwarded update on signed zone ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1
@ -585,17 +597,18 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking forwarded update on hidden primary, noixfr ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone noixfr
server 10.53.0.3 ${PORT}
update add noixfr 0 SOA ns4.noixfr. . 2011072460 20 20 1814400 3600
send
EOF
n=$((n + 1))
echo_i "checking forwarded update on hidden primary, noixfr ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n
$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1
grep "2011072460" dig.out.ns4.test$n > /dev/null || ret=1
@ -607,7 +620,7 @@ echo_i "checking forwarded update on signed zone, noixfr ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1
@ -620,7 +633,7 @@ status=$((status + ret))
ret=0
n=$((n + 1))
echo_i "checking turning on of inline signing in a secondary zone via reload ($n)"
$DIG $DIGOPTS @10.53.0.5 +dnssec bits SOA > dig.out.ns5.test$n
$DIG $DIGOPTS @10.53.0.5 +dnssec bits SOA > dig.out.ns5.test$n || ret=1
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "setup broken"; fi
@ -632,7 +645,7 @@ rndc_reload ns5 10.53.0.5
for i in 1 2 3 4 5 6 7 8 9 10
do
ret=0
$DIG $DIGOPTS @10.53.0.5 bits SOA > dig.out.ns5.test$n
$DIG $DIGOPTS @10.53.0.5 bits SOA > dig.out.ns5.test$n || ret=1
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns5.test$n > /dev/null || ret=1
if [ $ret = 0 ]; then break; fi
@ -671,7 +684,7 @@ echo_i "check added record freeze1.dynamic ($n)"
for i in 1 2 3 4 5 6 7 8 9
do
ret=0
$DIG $DIGOPTS @10.53.0.3 freeze1.dynamic TXT > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 freeze1.dynamic TXT > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
test $ret = 0 && break
@ -701,7 +714,7 @@ echo_i "check added record freeze2.dynamic ($n)"
for i in 1 2 3 4 5 6 7 8 9
do
ret=0
$DIG $DIGOPTS @10.53.0.3 freeze2.dynamic TXT > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 freeze2.dynamic TXT > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1
test $ret = 0 && break
@ -729,7 +742,11 @@ $RNDCCMD 10.53.0.3 sync -clean dynamic 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
$NSUPDATE << EOF
n=$((n + 1))
echo_i "checking that the retransfer record is added on the hidden primary ($n)"
ret=0
$NSUPDATE << EOF || ret=1
zone retransfer
server 10.53.0.2 ${PORT}
update add added.retransfer 0 A 1.2.3.4
@ -737,10 +754,7 @@ send
EOF
n=$((n + 1))
echo_i "checking that the retransfer record is added on the hidden primary ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 added.retransfer A > dig.out.ns2.test$n
$DIG $DIGOPTS @10.53.0.2 added.retransfer A > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -752,7 +766,7 @@ ret=0
for i in 0 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 0 ] && break
sleep 1
@ -767,7 +781,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer 2>&1 || ret=1
for i in 0 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 0 ] && break
@ -782,7 +796,7 @@ echo_i "check 'rndc signing -nsec3param' requests are queued for zones which are
ret=0
# The "retransfer3" zone is configured with "allow-transfer { none; };" on ns2,
# which means it should not yet be available on ns3.
$DIG $DIGOPTS @10.53.0.3 retransfer3 SOA > dig.out.ns3.pre.test$n
$DIG $DIGOPTS @10.53.0.3 retransfer3 SOA > dig.out.ns3.pre.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.pre.test$n > /dev/null || ret=1
# Switch the zone to NSEC3. An "NSEC3 -> NSEC -> NSEC3" sequence is used purely
# to test that multiple queued "rndc signing -nsec3param" requests are handled
@ -800,7 +814,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer3 || ret=1
for i in 0 1 2 3 4 5 6 7 8 9
do
ret=0
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n.$i
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n.$i || ret=1
grep "status: NXDOMAIN" dig.out.ns3.post.test$n.$i > /dev/null || ret=1
grep "NSEC3" dig.out.ns3.post.test$n.$i > /dev/null || ret=1
test $ret -eq 0 && break
@ -816,7 +830,7 @@ $RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - retransfer3 > /dev/null 2>&1 || r
for i in 0 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.pre.test$n
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.pre.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.pre.test$n > /dev/null || ans=1
grep "NSEC3" dig.out.ns3.pre.test$n > /dev/null || ans=1
[ $ans = 0 ] && break
@ -826,7 +840,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer3 2>&1 || ret=1
for i in 0 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.post.test$n > /dev/null || ans=1
grep "NSEC3" dig.out.ns3.post.test$n > /dev/null || ans=1
[ $ans = 0 ] && break
@ -844,28 +858,28 @@ ret=0
zone=nsec3-loop
# Add secondary zone using rndc
$RNDCCMD 10.53.0.7 addzone $zone \
'{ type secondary; primaries { 10.53.0.2; }; file "'$zone'.db"; inline-signing yes; auto-dnssec maintain; };'
'{ type secondary; primaries { 10.53.0.2; }; file "'$zone'.db"; inline-signing yes; auto-dnssec maintain; };' || ret=1
# Wait until secondary zone is fully signed using NSEC
for i in 1 2 3 4 5 6 7 8 9 0
do
ret=1
$RNDCCMD 10.53.0.7 signing -list $zone > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.7 signing -list $zone > signing.out.test$n 2>&1 || ret=1
keys=$(grep '^Done signing' signing.out.test$n | wc -l)
[ $keys -eq 3 ] && ret=0 && break
sleep 1
done
# Switch secondary zone to NSEC3
$RNDCCMD 10.53.0.7 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1
$RNDCCMD 10.53.0.7 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1 || ret=1
# Wait until secondary zone is fully signed using NSEC3
for i in 1 2 3 4 5 6 7 8 9 0
do
ret=1
nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.7 nsec3param $zone)
nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.7 nsec3param $zone) || ret=1
test "$nsec3param" = "1 0 2 12345678" && ret=0 && break
sleep 1
done
# Attempt to retransfer the secondary zone from primary
$RNDCCMD 10.53.0.7 retransfer $zone
$RNDCCMD 10.53.0.7 retransfer $zone || ret=1
# Check whether the signer managed to fully sign the retransferred zone by
# waiting for a specific SOA serial number to appear in the logs; if this
# specific SOA serial number does not appear in the logs, it means the signer
@ -876,8 +890,8 @@ $RNDCCMD 10.53.0.7 retransfer $zone
for i in 1 2 3 4 5 6 7 8 9 0
do
ret=1
grep "ns2.$zone. . 10 20 20 1814400 3600" ns7/named.run > /dev/null 2>&1
[ $? -eq 0 ] && ret=0 && break
{ grep "ns2.$zone. . 10 20 20 1814400 3600" ns7/named.run > /dev/null 2>&1; rc=$?; } || true
[ $rc -eq 0 ] && ret=0 && break
sleep 1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -892,7 +906,7 @@ status=$((status + ret))
echo_i "update SOA record while stopped"
cp ns3/primary4.db.in ns3/primary.db
rm ns3/primary.db.jnl
rm -f ns3/primary.db.jnl
n=$((n + 1))
echo_i "restart bump in the wire signer server ($n)"
@ -907,7 +921,7 @@ ret=0
for i in 1 2 3 4 5 6 7 8 9
do
ans=0
$DIG $DIGOPTS @10.53.0.3 primary SOA > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 primary SOA > dig.out.ns3.test$n || ret=1
grep "hostmaster" dig.out.ns3.test$n > /dev/null || ans=1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
@ -976,7 +990,7 @@ nextpart ns3/named.run > /dev/null
cp ns3/primary7.db.in ns3/primary.db
rndc_reload ns3 10.53.0.3
_includefile_loaded() {
$DIG $DIGOPTS @10.53.0.3 f.primary A > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 f.primary A > dig.out.ns3.test$n || return 1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || return 1
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || return 1
grep "10\.0\.0\.7" dig.out.ns3.test$n > /dev/null || return 1
@ -995,12 +1009,12 @@ ret=0
for zone in a b c d e f g h i j k l m n o p q r s t u v w x y z
do
$RNDCCMD 10.53.0.2 addzone test-$zone \
'{ type primary; file "bits.db.in"; allow-transfer { any; }; };'
$DIG $DIGOPTS @10.53.0.2 test-$zone SOA > dig.out.ns2.$zone.test$n
'{ type primary; file "bits.db.in"; allow-transfer { any; }; };' || ret=1
$DIG $DIGOPTS @10.53.0.2 test-$zone SOA > dig.out.ns2.$zone.test$n || ret=1
grep "status: NOERROR," dig.out.ns2.$zone.test$n > /dev/null || { ret=1; cat dig.out.ns2.$zone.test$n; }
$RNDCCMD 10.53.0.3 addzone test-$zone \
'{ type secondary; primaries { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };'
$RNDCCMD 10.53.0.3 delzone test-$zone > /dev/null 2>&1
'{ type secondary; primaries { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' || ret=1
$RNDCCMD 10.53.0.3 delzone test-$zone > /dev/null 2>&1 || ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1008,7 +1022,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing adding external keys to a inline zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n || ret=1
for alg in ${DEFAULT_ALGORITHM_NUMBER} ${ALTERNATIVE_ALGORITHM_NUMBER}
do
[ $alg = 13 -a ! -f checkecdsa ] && continue;
@ -1046,9 +1060,9 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating inline secure serial via 'rndc signing -serial' ($n)"
ret=0
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n)
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1
retry_quiet 5 wait_for_serial 10.53.0.3 nsec3. "${newserial:-0}" dig.out.ns3.post.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1056,12 +1070,12 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating inline secure serial via 'rndc signing -serial' with negative change ($n)"
ret=0
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1
oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n)
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n)
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1
sleep 1
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n || ret=1
serial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n)
[ ${oldserial:-0} -eq ${serial:-1} ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1073,12 +1087,12 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating inline secure serial via 'rndc signing -serial' when frozen ($n)"
ret=0
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n
$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1
oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n)
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n)
$RNDCCMD 10.53.0.3 freeze nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 thaw nsec3 > /dev/null 2>&1
$RNDCCMD 10.53.0.3 freeze nsec3 > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 thaw nsec3 > /dev/null 2>&1 || ret=1
retry_quiet 5 wait_for_serial 10.53.0.3 nsec3. "${newserial:-0}" dig.out.ns3.post1.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1086,9 +1100,9 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating dynamic serial via 'rndc signing -serial' ($n)"
ret=0
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n)
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 || ret=1
retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-0}" dig.out.ns2.post.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1096,10 +1110,10 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating dynamic serial via 'rndc signing -serial' with negative change ($n)"
ret=0
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1
oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n)
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n)
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 || ret=1
retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-1}" dig.out.ns2.post1.test$n && ret=1
retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${oldserial:-1}" dig.out.ns2.post2.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1108,12 +1122,12 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing updating dynamic serial via 'rndc signing -serial' when frozen ($n)"
ret=0
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n
$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1
oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n)
newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n)
$RNDCCMD 10.53.0.2 freeze bits > /dev/null 2>&1
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1
$RNDCCMD 10.53.0.2 thaw bits > /dev/null 2>&1
$RNDCCMD 10.53.0.2 freeze bits > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 && ret=1
$RNDCCMD 10.53.0.2 thaw bits > /dev/null 2>&1 || ret=1
retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-1}" dig.out.ns2.post1.test$n && ret=1
retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${oldserial:-1}" dig.out.ns2.post2.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1126,7 +1140,7 @@ ret=0
$DIG $DIGOPTS @10.53.0.3 soa inactivezsk > dig.out.ns3.pre.test$n || ret=1
soa1=$(awk '$4 == "SOA" { print $7 }' dig.out.ns3.pre.test$n)
$NSUPDATE << EOF
$NSUPDATE << EOF || ret=1
server 10.53.0.2 ${PORT}
update add added.inactivezsk 0 IN TXT added record
send
@ -1154,7 +1168,7 @@ n=$((n + 1))
echo_i "testing that inline signing works with inactive KSK and active ZSK ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 axfr inactiveksk > dig.out.ns3.test$n
$DIG $DIGOPTS @10.53.0.3 axfr inactiveksk > dig.out.ns3.test$n || ret=1
#
# check that DNSKEY is signed with ZSK for default algorithm
@ -1222,7 +1236,7 @@ EOF
wait_until_raw_zone_update_is_processed "nokeys"
# Query for bar.nokeys/A again and ensure the signer now returns a positive,
# yet still unsigned response.
$DIG $DIGOPTS @10.53.0.3 bar.nokeys. A > dig.out.ns3.post.test$n 2>&1
$DIG $DIGOPTS @10.53.0.3 bar.nokeys. A > dig.out.ns3.post.test$n 2>&1 || ret=1
grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null || ret=1
grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1251,7 +1265,7 @@ EOF
wait_until_raw_zone_update_is_processed "removedkeys-primary"
# Query for bar.removedkeys-primary/A again and ensure the signer still returns
# a negative, signed response.
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.post.test$n 2>&1
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.post.test$n 2>&1 || ret=1
grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null && ret=1
grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1262,7 +1276,7 @@ echo_i "checking that backlogged changes to raw zone are applied after keys beco
ret=0
# Restore the signing keys for this zone.
mv ns3/removedkeys/Kremovedkeys-primary* ns3
$RNDCCMD 10.53.0.3 loadkeys removedkeys-primary > /dev/null 2>&1
$RNDCCMD 10.53.0.3 loadkeys removedkeys-primary > /dev/null 2>&1 || ret=1
# Determine what a SOA record with a bumped serial number should look like.
BUMPED_SOA=$(sed -n 's/.*\(add removedkeys-primary.*IN.*SOA\)/\1/p;' ns3/named.run | tail -1 | awk '{$8 += 1; print $0}')
# Ensure the wait_until_raw_zone_update_is_processed() call below will ignore
@ -1279,7 +1293,7 @@ EOF
wait_until_raw_zone_update_is_processed "removedkeys-primary"
# Query for bar.removedkeys-primary/A again and ensure the signer now returns a
# positive, signed response.
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.test$n 2>&1
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.test$n 2>&1 || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "RRSIG" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1308,7 +1322,7 @@ EOF
wait_until_raw_zone_update_is_processed "removedkeys-secondary"
# Query for bar.removedkeys-secondary/A again and ensure the signer still returns a
# negative, signed response.
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.post.test$n 2>&1
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.post.test$n 2>&1 || ret=1
grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null && ret=1
grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1319,7 +1333,7 @@ echo_i "checking that backlogged changes to raw zone are applied after keys beco
ret=0
# Restore the signing keys for this zone.
mv ns3/removedkeys/Kremovedkeys-secondary* ns3
$RNDCCMD 10.53.0.3 loadkeys removedkeys-secondary > /dev/null 2>&1
$RNDCCMD 10.53.0.3 loadkeys removedkeys-secondary > /dev/null 2>&1 || ret=1
# Determine what a SOA record with a bumped serial number should look like.
BUMPED_SOA=$(sed -n 's/.*\(add removedkeys-secondary.*IN.*SOA\)/\1/p;' ns2/named.run | tail -1 | awk '{$8 += 1; print $0}')
# Ensure the wait_until_raw_zone_update_is_processed() call below will ignore
@ -1336,7 +1350,7 @@ EOF
wait_until_raw_zone_update_is_processed "removedkeys-secondary"
# Query for bar.removedkeys-secondary/A again and ensure the signer now returns
# a positive, signed response.
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.test$n 2>&1
$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.test$n 2>&1 || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "RRSIG" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1362,26 +1376,26 @@ mv Kdelayedkeys* ns3/
$RNDCCMD 10.53.0.3 loadkeys delayedkeys > rndc.out.ns3.pre.test$n 2>&1 || ret=1
# Wait until the zone is signed.
check_done_signing () (
$RNDCCMD 10.53.0.3 signing -list delayedkeys > signing.out.test$n 2>&1
$RNDCCMD 10.53.0.3 signing -list delayedkeys > signing.out.test$n 2>&1 || true
num=$(grep "Done signing with" signing.out.test$n | wc -l)
[ $num -eq 2 ]
)
retry_quiet 10 check_done_signing || ret=1
# Halt rather than stopping the server to prevent the file from being
# flushed upon shutdown since we specifically want to avoid it.
stop_server --use-rndc --halt --port ${CONTROLPORT} ns3
stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 || ret=1
ensure_sigs_only_in_journal delayedkeys ns3/delayedkeys.db.signed
start_server --noclean --restart --port ${PORT} ns3
start_server --noclean --restart --port ${PORT} ns3 || ret=1
# At this point, the raw zone journal will not have a source serial set. Upon
# server startup, receive_secure_serial() will rectify that, update SOA, resign
# it, and schedule its future resign. This will cause "rndc zonestatus" to
# return delayedkeys/SOA as the next node to resign, so we restart the server
# once again; with the raw zone journal now having a source serial set,
# receive_secure_serial() should refrain from introducing any zone changes.
stop_server --use-rndc --halt --port ${CONTROLPORT} ns3
stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 || ret=1
ensure_sigs_only_in_journal delayedkeys ns3/delayedkeys.db.signed
nextpart ns3/named.run > /dev/null
start_server --noclean --restart --port ${PORT} ns3
start_server --noclean --restart --port ${PORT} ns3 || ret=1
# We can now test whether the secure zone journal was correctly processed:
# unless the records contained in it were scheduled for resigning, no resigning
# event will be scheduled at all since the secure zone file contains no
@ -1395,7 +1409,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check that zonestatus reports 'type: primary' for an inline primary zone ($n)"
ret=0
$RNDCCMD 10.53.0.3 zonestatus primary > rndc.out.ns3.test$n
$RNDCCMD 10.53.0.3 zonestatus primary > rndc.out.ns3.test$n || ret=1
grep "type: primary" rndc.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1403,7 +1417,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check that zonestatus reports 'type: secondary' for an inline secondary zone ($n)"
ret=0
$RNDCCMD 10.53.0.3 zonestatus bits > rndc.out.ns3.test$n
$RNDCCMD 10.53.0.3 zonestatus bits > rndc.out.ns3.test$n || ret=1
grep "type: secondary" rndc.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -1464,12 +1478,12 @@ echo_i "Check that restart with zone changes and deleted journal works ($n)"
TSIG=
ret=0
dig_with_opts @10.53.0.8 example SOA > dig.out.ns8.test$n.soa1 || ret=1
stop_server --use-rndc --port ${CONTROLPORT} ns8
stop_server --use-rndc --port ${CONTROLPORT} ns8 || ret=1
# TTL of all records change from 300 to 400
cp ns8/example3.db.in ns8/example.db || ret=1
rm ns8/example.db.jnl
rm -f ns8/example.db.jnl
nextpart ns8/named.run > /dev/null
start_server --noclean --restart --port ${PORT} ns8
start_server --noclean --restart --port ${PORT} ns8 || ret=1
wait_for_log 3 "all zones loaded" ns8/named.run
sleep 1
dig_with_opts @10.53.0.8 example SOA > dig.out.ns8.test$n.soa2 || ret=1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -23,108 +25,108 @@ ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-fail > dig.out.test$n || ret=1
grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-fail/IN: mx-cname-fail/MX 'cname.mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-mx-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-warn/IN: mx-cname-warn/MX 'cname.mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-mx-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-ignore/IN: mx-cname-ignore/MX 'cname.mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-fail > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-fail/IN: no-mx-cname-fail/MX 'cname.no-mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-warn/IN: no-mx-cname-warn/MX 'cname.no-mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-ignore/IN: no-mx-cname-ignore/MX 'cname.no-mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-fail > dig.out.test$n || ret=1
grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-fail/IN: srv-cname-fail/SRV 'cname.srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-warn/IN: srv-cname-warn/SRV 'cname.srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-ignore/IN: srv-cname-ignore/SRV 'cname.srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-fail > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-fail/IN: no-srv-cname-fail/SRV 'cname.no-srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-warn/IN: no-srv-cname-warn/SRV 'cname.no-srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-ignore/IN: no-srv-cname-ignore/SRV 'cname.no-srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
test $status -eq 0 || exit 1


@ -16,6 +16,8 @@
# in the log file - need a better approach <sdm> - until then,
# if you add any tests above that point, you will break the test.
set -e
. ../conf.sh
wait_for_serial() (
@ -206,8 +208,8 @@ status=$((status+ret))
n=$((n+1))
echo_i "testing ixfr-from-differences option ($n)"
# ns3 is primary; ns4 is secondary
$CHECKZONE test. ns3/mytest.db > /dev/null 2>&1
if [ $? -ne 0 ]
{ $CHECKZONE test. ns3/mytest.db > /dev/null 2>&1; rc=$?; } || true
if [ $rc -ne 0 ]
then
echo_i "named-checkzone returned failure on ns3/mytest.db"
fi
@ -299,9 +301,9 @@ sub=$!
$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out.test$n
kill $sub
)
lines=`grep hostmaster.large dig.out.test$n | wc -l`
lines=$(grep hostmaster.large dig.out.test$n | wc -l)
test ${lines:-0} -eq 2 || ret=1
messages=`sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out.test$n`
messages=$(sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out.test$n)
test ${messages:-0} -gt 1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
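Review bot: With `set -e` now enabled at the top of this script, the unguarded `$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out.test$n` in the last hunk ends the subshell as soon as dig returns non-zero, so the `kill $sub` after it is skipped and the background job may be left running. The subshell opens outside the hunk, so this is hedged: unless it is guarded there, the whole script would also stop at that point instead of recording a failed sub-test. Because the `lines` and `messages` checks that follow already catch a bad transfer, the call could read `$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out.test$n || true` so the cleanup always runs. In the second hunk, `{ $CHECKZONE ...; rc=$?; } || true` works only because the trailing `||` suppresses errexit inside the braces; `rc=0; $CHECKZONE test. ns3/mytest.db > /dev/null 2>&1 || rc=$?` states the same intent more directly.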


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
dig_with_opts() {
@ -24,7 +26,7 @@ rndc_with_opts() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journal rolled forward (dynamic) ($n)"
ret=0
dig_with_opts changed soa > dig.out.test$n
@ -32,33 +34,33 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone changed/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated empty journal did not cause an error (dynamic) ($n)"
ret=0
dig_with_opts unchanged soa > dig.out.test$n
grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010901' dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journals were updated or removed (dynamic) ($n)"
ret=0
cat -v ns1/changed.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ -f ns1/unchanged.db.jnl ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check updated journal has correct RR count (dynamic) ($n)"
ret=0
$JOURNALPRINT -x ns1/changed.db.jnl | grep "rrcount 3 " > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format journal rolled forward (dynamic) ($n)"
ret=0
dig_with_opts changed2 soa > dig.out.test$n
@ -67,9 +69,9 @@ grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone changed2/IN: journal rollforward completed successfully: success' ns1/named.run > /dev/null || ret=1
grep 'zone changed2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format empty journal did not cause error (dynamic) ($n)"
ret=0
dig_with_opts unchanged2 soa > dig.out.test$n
@ -78,17 +80,17 @@ grep '2012010901' dig.out.test$n > /dev/null || ret=1
grep 'zone unchanged2/IN: journal rollforward completed successfully' ns1/named.run > /dev/null && ret=1
grep 'zone unchanged2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format journals were updated or removed (dynamic) ($n)"
ret=0
cat -v ns1/changed2.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ -f ns1/unchanged2.db.jnl ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated up-to-date journal succeeded (ixfr-from-differences) ($n)"
ret=0
dig_with_opts -t soa ixfr > dig.out.test$n
@ -96,16 +98,16 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone ixfr/IN: journal rollforward completed successfully using old journal format: up to date' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journal was updated (ixfr-from-differences) ($n)"
ret=0
cat -v ns1/ixfr.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers succeeded (version 1,2,1,2) ($n)"
ret=0
dig_with_opts -t soa hdr1d1d2d1d2 > dig.out.test$n
@ -115,9 +117,9 @@ grep 'zone hdr1d1d2d1d2/IN: journal rollforward completed successfully using old
grep 'zone_journal_compact: zone hdr1d1d2d1d2/IN: repair full journal' ns1/named.run > /dev/null || ret=1
grep 'hdr1d1d2d1d2/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers was updated (version 1,2,1,2) ($n)"
ret=0
[ $($JOURNALPRINT -x ns1/d1212.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1
@ -125,9 +127,9 @@ ret=0
[ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 1") -eq 0 ] || ret=1
[ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 2") -eq 4 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers succeeded (version 2,1,2,1) ($n)"
ret=0
dig_with_opts -t soa hdr1d2d1d2d1 > dig.out.test$n
@ -137,9 +139,9 @@ grep 'zone hdr1d2d1d2d1/IN: journal rollforward completed successfully using old
grep 'zone_journal_compact: zone hdr1d2d1d2d1/IN: repair full journal' ns1/named.run > /dev/null || ret=1
grep 'zone hdr1d2d1d2d1/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers was updated (version 2,1,2,1) ($n)"
ret=0
[ $($JOURNALPRINT -x ns1/d2121.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1
@ -147,18 +149,18 @@ ret=0
[ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 1") -eq 0 ] || ret=1
[ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 2") -eq 4 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check there are no journals left un-updated ($n)"
ret=0
c1=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9")
c2=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9.2")
[ ${c1} -eq ${c2} ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Check that journal with mixed headers can be compacted (version 1,2,1,2) ($n)"
ret=0
journal=ns1/d1212.jnl.saved
@ -169,9 +171,9 @@ do
$JOURNALPRINT -c $serial tmp.jnl || ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Check that journal with mixed headers can be compacted (version 2,1,2,1) ($n)"
ret=0
journal=ns1/d2121.jnl.saved
@ -182,18 +184,18 @@ do
$JOURNALPRINT -c $serial tmp.jnl || ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check upgrade of managed-keys.bind.jnl succeeded($n)"
ret=0
$JOURNALPRINT ns1/managed-keys.bind.jnl > journalprint.out.test$n
lines=$(awk '$1 == "add" && $5 == "SOA" && $8 == "3297" { print }' journalprint.out.test$n | wc -l)
test $lines -eq 1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal downgrade/upgrade ($n)"
ret=0
cp ns1/changed.db.jnl ns1/temp.jnl
@ -204,9 +206,9 @@ $JOURNALPRINT -u ns1/temp.jnl
$JOURNALPRINT -x ns1/temp.jnl | grep -q "Header version = 2" || ret=1
[ $($JOURNALPRINT -x ns1/temp.jnl | grep -c "version 2") -eq 1 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check max-journal-size works after journal update ($n)"
ret=0
# journal was repaired, it should still be big
@ -219,9 +221,9 @@ check_size() (
)
retry_quiet 10 check_size || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check max-journal-size works with non-updated journals ($n)"
ret=0
# journal was not repaired, so it should still be big
@ -234,18 +236,18 @@ check_size() (
)
retry_quiet 10 check_size || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal index consistency ($n)"
ret=0
for jnl in ns1/*.jnl; do
$JOURNALPRINT -x $jnl 2>&1 | grep -q "Offset mismatch" && ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that journal is applied to zone with keydata placeholder record"
ret=0
grep 'managed-keys-zone: journal rollforward completed successfully: up to date' ns2/named.run > /dev/null 2>&1 || ret=1


@ -242,6 +242,8 @@ set_keyrole() {
test "$2" = "csk" && key_set "$1" "KSK" "yes"
test "$2" = "csk" && key_set "$1" "ZSK" "yes"
test "$2" = "csk" && key_set "$1" "FLAGS" "257"
return 0
}
set_keylifetime() {
key_set "$1" "EXPECT" "yes"
@ -379,7 +381,7 @@ check_key() {
[ -s "$STATE_FILE" ] || ret=1
fi
[ "$ret" -eq 0 ] || _log_error "${BASE_FILE} files missing"
[ "$ret" -eq 0 ] || return
[ "$ret" -eq 0 ] || return 0
# Retrieve creation date.
grep "; Created:" "$KEY_FILE" > "${ZONE}.${KEY_ID}.${_alg_num}.created" || _log_error "mismatch created comment in $KEY_FILE"
@ -454,6 +456,8 @@ check_key() {
grep "DSChange: " "$STATE_FILE" > /dev/null || _log_error "mismatch ds change in $STATE_FILE"
fi
fi
return 0
}
# Check the key timing metadata for key $1.
@ -656,7 +660,7 @@ key_unused() {
[ -s "$KEY_FILE" ] || ret=1
[ -s "$PRIVATE_FILE" ] || ret=1
[ -s "$STATE_FILE" ] || ret=1
[ "$ret" -eq 0 ] || return
[ "$ret" -eq 0 ] || return 0
# Treat keys that have been removed from the zone as unused.
_check_removed=1
@ -686,6 +690,8 @@ key_unused() {
grep "Retired: " "$STATE_FILE" > /dev/null && _log_error "unexpected retired in $STATE_FILE"
grep "Revoked: " "$STATE_FILE" > /dev/null && _log_error "unexpected revoked in $STATE_FILE"
grep "Removed: " "$STATE_FILE" > /dev/null && _log_error "unexpected removed in $STATE_FILE"
return 0
}
# Test: dnssec-verify zone $1.
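Review bot: The `return 0` lines added at the end of `set_keyrole`, `check_key` and `key_unused` carry no comment saying why they are needed, so they read as dead code. In `set_keyrole` the last statement is a `test "$2" = "csk" && key_set ...` list, which leaves a non-zero status for any other role and would presumably stop a caller running under `set -e`; I would add `# Always succeed: the last && list is non-zero for non-CSK roles.` above the `return 0`. In `key_unused` the early `[ "$ret" -eq 0 ] || return 0` reports success when the key files are missing and, unlike the same guard in `check_key`, logs nothing on that path, so the problem is visible only if the caller inspects `ret`; that deserves a comment or a `_log_error` call. The function bodies start and end outside these hunks.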


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
# shellcheck source=kasp.sh
@ -2164,7 +2166,7 @@ dnssec_verify
n=$((n+1))
echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)"
ret=0
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n || ret=1
grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
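Review bot: The subtest title says the rollover "fails", yet the new `|| ret=1` on the `rndccmd "$SERVER" dnssec -rollover` line marks the subtest as failed when the command exits non-zero, so the refusal is apparently expected only in the output text that the following `grep` checks. A one-line comment would stop a later reader from flipping it to `&& ret=1`, for example `# the command itself is expected to exit 0; the refusal is checked in its output below` (wording to be confirmed against rndc's actual exit status). The `$(key_get KEY4 ID)` argument is also the only unquoted one on that line.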


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -21,77 +23,77 @@ status=0
echo_i "checking that dig handles TCP keepalive ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that dig added TCP keepalive ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD stats
grep "EDNS TCP keepalive option received" ns2/named.stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that TCP keepalive is added for TCP responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that TCP keepalive requires TCP ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking default value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.3 > dig.out.test$n
grep "; TCP KEEPALIVE: 30.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking configured value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE: 15.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking re-configured value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD tcp-timeouts 300 300 300 200 > output
diff -b output expected || ret=1
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking server config entry ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD stats
oka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \
tail -1 | awk '{ print $1}'`
oka=$(grep "EDNS TCP keepalive option received" ns2/named.stats | \
tail -1 | awk '{ print $1}')
$DIG $DIGOPTS bar.example @10.53.0.3 > dig.out.test$n
$RNDCCMD stats
nka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \
tail -1 | awk '{ print $1}'`
nka=$(grep "EDNS TCP keepalive option received" ns2/named.stats | \
tail -1 | awk '{ print $1}')
#echo oka ':' $oka
#echo nka ':' $nka
if [ "$oka" -eq "$nka" ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
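Review bot: With `set -e` now at the top, the unguarded `$DIG $DIGOPTS ... > dig.out.test$n`, `$RNDCCMD stats` and `$RNDCCMD tcp-timeouts 300 300 300 200 > output` lines end the script on the first non-zero exit, before `echo_i "failed"` and `echo_i "exit status: $status"` are reached. Where the command is expected to succeed I would record the failure the way the `grep` lines do, e.g. `$DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 > dig.out.test$n || ret=1` and `$RNDCCMD stats || ret=1`. Where an immediate abort is intended, a short comment saying so would make that explicit.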


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
# shellcheck source=kasp.sh


@ -22,8 +22,8 @@ infile=edns512.db.in
zonefile=edns512.db
outfile=edns512.db.signed
keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile


@ -22,8 +22,8 @@ infile=edns512-notcp.db.in
zonefile=edns512-notcp.db
outfile=edns512-notcp.db.signed
keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT} +tries=1 +time=2"
@ -45,7 +47,7 @@ resolution_fails() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking formerr edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.8 ednsformerr soa > dig.out.1.test$n || ret=1
@ -55,16 +57,16 @@ $DIG $DIGOPTS +noedns @10.53.0.8 ednsformerr soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to formerr edns server succeeds ($n)"
ret=0
resolution_succeeds ednsformerr. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking notimp edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.9 ednsnotimp soa > dig.out.1.test$n || ret=1
@ -74,16 +76,16 @@ $DIG $DIGOPTS +noedns @10.53.0.9 ednsnotimp soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to notimp edns server fails ($n)"
ret=0
resolution_fails ednsnotimp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking refused edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.10 ednsrefused soa > dig.out.1.test$n || ret=1
@ -93,16 +95,16 @@ $DIG $DIGOPTS +noedns @10.53.0.10 ednsrefused soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to refused edns server fails ($n)"
ret=0
resolution_fails ednsrefused. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking drop edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n && ret=1
@ -118,16 +120,16 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n && ret=1
grep "timed out" dig.out.4.test$n > /dev/null || ret=1
grep ";; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to drop edns server fails ($n)"
ret=0
resolution_fails dropedns. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking drop edns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n && ret=1
@ -139,16 +141,16 @@ $DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1
grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to drop edns + no tcp server fails ($n)"
ret=0
resolution_fails dropedns-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking plain dns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.4 plain soa > dig.out.1.test$n || ret=1
@ -158,33 +160,33 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.4 plain soa > dig.out.2.test$n
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to plain dns server succeeds ($n)"
ret=0
resolution_succeeds plain. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking plain dns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa > dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n
$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n && ret=1
grep "connection refused" dig.out.2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)"
ret=0
resolution_succeeds plain-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking edns 512 server setup ($n)"
ret=0
@ -202,16 +204,16 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 server succeeds ($n)"
ret=0
retry_quiet 3 resolution_succeeds edns512. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking edns 512 + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1
@ -227,31 +229,31 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server fails ($n)"
ret=0
resolution_fails edns512-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server does not cause query loops ($n)"
ret=0
sent=`grep -c -F "sending packet to 10.53.0.7" ns1/named.run`
sent=$(grep -c -F "sending packet to 10.53.0.7" ns1/named.run)
if [ $sent -ge 10 ]; then
echo_i "ns1 sent $sent queries to ns7, expected less than 10"
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
stop_server --use-rndc --port ${CONTROLPORT} ns1
copy_setports ns1/named2.conf.in ns1/named.conf
start_server --noclean --restart --port ${PORT} ns1
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)"
# retry loop in case the server restart above causes transient failure
for try in 0 1 2 3 4 5 6 7 8 9; do
@ -261,7 +263,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
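Review bot: `sent=$(grep -c -F "sending packet to 10.53.0.7" ns1/named.run)` now runs under `set -e`, and `grep -c` exits 1 when the count is 0, so a run with no matching log lines aborts the script at the assignment instead of passing the "expected less than 10" check. An assignment takes the exit status of its command substitution, which is why the failure propagates. I would write `sent=$(grep -c -F "sending packet to 10.53.0.7" ns1/named.run || true)` so that only the numeric comparison decides the result.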


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
# Test given condition. If true, test again after a second. Used for testing
@ -216,7 +218,7 @@ try=0
while test $try -lt 12
do
touch ns1/named_inc.$try
try=`expr $try + 1`
try=$((try + 1))
done
rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n
_found2() (
@ -227,7 +229,7 @@ _found2() (
while test $try -lt 12
do
[ -f ns1/named_inc.$try ] && return 1
try=`expr $try + 1`
try=$((try + 1))
done
set -- ns1/named_inc.*
[ "$#" -eq 1 ] || return 1
@ -244,7 +246,7 @@ try=0
while test $try -lt 12
do
touch $TMPDIR/example.log.$try
try=`expr $try + 1`
try=$((try + 1))
done
rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n
_found2() (
@ -255,7 +257,7 @@ _found2() (
while test $try -lt 12
do
[ -f $TMPDIR/example.log.$try ] && return 1
try=`expr $try + 1`
try=$((try + 1))
done
set -- $TMPDIR/example.log.*
[ "$#" -eq 1 ] || return 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -19,7 +21,7 @@ status=0
n=0
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test master file \$INCLUDE semantics ($n)"
$DIG $DIGOPTS +nostats +nocmd include. axfr @10.53.0.1 >dig.out.$n
@ -31,31 +33,31 @@ $DIG $DIGOPTS +nostats +nocmd ttl2. axfr @10.53.0.1 >>dig.out.$n
diff dig.out.$n knowngood.dig.out || status=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test that the nameserver is running with a missing master file ($n)"
$DIG $DIGOPTS +tcp +noall +answer example soa @10.53.0.2 > dig.out.$n
grep SOA dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test that the nameserver returns SERVFAIL for a missing master file ($n)"
$DIG $DIGOPTS +tcp +all missing soa @10.53.0.2 > dig.out.$n
grep "status: SERVFAIL" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test owner inheritance after "'$INCLUDE'" ($n)"
$CHECKZONE -Dq example zone/inheritownerafterinclude.db > checkzone.out$n
diff checkzone.out$n zone/inheritownerafterinclude.good || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
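Review bot: In the `$INCLUDE` semantics subtest the comparison is written `diff dig.out.$n knowngood.dig.out || status=1`, which bypasses `ret`: a mismatch never prints `failed`, and `status` is assigned rather than incremented. Every other subtest in this section records its result in `ret`, so `diff dig.out.$n knowngood.dig.out || ret=1` would be consistent with them. The `$DIG ... > dig.out.$n` lines are also unguarded, so under the new `set -e` a non-zero dig exit stops the script before any status is reported.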


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
@ -22,8 +24,7 @@ israw () {
$PERL -e 'binmode STDIN;
read(STDIN, $input, 8);
($style, $version) = unpack("NN", $input);
exit 1 if ($style != 2 || $version > 1);' < "$1"
return $?
exit 1 if ($style != 2 || $version > 1);' < "$1" || return $?
}
isfull () {
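Review bot: In `israw`, the new `< "$1" || return $?` ends the last command of the function, so it has the same effect as ending the function with the `$PERL` command alone, because a function already returns the status of its last command. I would drop the `|| return $?` and document the contract instead, e.g. `# israw FILE: succeed if the first 8 bytes unpack to style 2 and version <= 1`.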


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
pzone=parent.nil pfile=parent.db


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT} -b 10.53.0.1 +dnssec +time=2 +tries=1 +multi"


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+nosea +stat +noquest +nocomm +nocmd -p ${PORT}"
@ -19,28 +21,27 @@ status=0
echo_i "Getting message size with compression enabled"
$DIG $DIGOPTS -b 10.53.0.1 @10.53.0.1 mx example > dig.compen.test
COMPEN=`grep ';; MSG SIZE' dig.compen.test |sed -e "s/.*: //g"`
COMPEN=$(grep ';; MSG SIZE' dig.compen.test |sed -e "s/.*: //g")
cat dig.compen.test |grep -v ';;' |sort > dig.compen.sorted.test
echo_i "Getting message size with compression disabled"
$DIG $DIGOPTS -b 10.53.0.2 @10.53.0.1 mx example > dig.compdis.test
COMPDIS=`grep ';; MSG SIZE' dig.compdis.test |sed -e "s/.*: //g"`
COMPDIS=$(grep ';; MSG SIZE' dig.compdis.test |sed -e "s/.*: //g")
cat dig.compdis.test |grep -v ';;' |sort > dig.compdis.sorted.test
# the compression disabled message should be at least twice as large as with
# compression disabled, but the content should be the same
echo_i "Checking if responses are identical other than in message size"
diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null
ret=$?
{ diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null; ret=$?; } || true
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking if message with compression disabled is significantly larger"
echo_i "Disabled $COMPDIS vs enabled $COMPEN"
val=`expr \( $COMPDIS \* 3 / 2 \) / $COMPEN`
val=$(( (COMPDIS * 3 / 2) / COMPEN))
if [ $val -le 1 ]; then
echo_i "failed"
status=`expr $status + 1`
status=$((status + 1))
fi;
echo_i "exit status: $status"
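Review bot: `val=$(( (COMPDIS * 3 / 2) / COMPEN))` takes both operands from text cut out of dig output, and nothing validates them first: if the `;; MSG SIZE` line is missing, `COMPEN` is empty and the expansion fails with a division-by-zero error instead of a reported test failure. In bash and ksh-like shells, arithmetic expansion also evaluates a variable's contents as an expression rather than as a literal operand, so values parsed from command output are better checked to be plain positive integers before use. A guard ahead of the computation covers both cases: `[ "${COMPEN:-0}" -gt 0 ] || { echo_i "failed"; exit 1; }`, and the same for `COMPDIS`.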


@ -11,8 +11,9 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# shellcheck disable=SC2034
set -e
# shellcheck disable=SC2034
. ../conf.sh
dig_plus_opts() {
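Review bot: As rendered, `# shellcheck disable=SC2034` now follows `set -e` instead of preceding the first command, which narrows its scope. ShellCheck applies a directive to the whole file only when it comes before the first command; after one, it covers just the command that follows, here `. ../conf.sh`. If the suppression was relied on for the whole script, keep the directive above `set -e`. The same ordering appears in the later section where `set -e` is inserted ahead of `# shellcheck disable=SC2086`.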


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
# shellcheck source=kasp.sh
@ -184,7 +186,7 @@ _check_nsec3_nsec3param() {
grep "${ZONE}.*0.*IN.*NSEC3PARAM.*1.*0.*${ITERATIONS}.*${SALT}" "dig.out.test$n.nsec3param.$ZONE" > /dev/null || return 1
if [ -z "$SALT" ]; then
SALT=`awk '$4 == "NSEC3PARAM" { print $8 }' dig.out.test$n.nsec3param.$ZONE`
SALT=$(awk '$4 == "NSEC3PARAM" { print $8 }' dig.out.test$n.nsec3param.$ZONE)
fi
return 0
}


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck disable=SC2086
. ../conf.sh


@ -13,7 +13,7 @@
set -x
PWD=`pwd`
PWD=$(pwd)
KRB5_CONFIG="${PWD}/krb5.conf"
export KRB5_CONFIG
@ -21,9 +21,9 @@ export KRB5_CONFIG
KRB5_KDC_PROFILE=${PWD}/krb5kdc
export KRB5_KDC_PROFILE
now=`date +%s`
lifetime=`expr 2147483647 - $now`
lifetime=`expr $lifetime / 3600 / 24 - 30`
now=$(date +%s)
lifetime=$((2147483647 - now))
lifetime=$((lifetime / 3600 / 24 - 30))
cat << EOF > "${KRB5_CONFIG}"
[libdefaults]


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -579,7 +581,7 @@ done
ret=0
echo_i "check that 'nsupdate -l' with a missing keyfile reports the missing file"
$NSUPDATE -4 -p ${PORT} -l -k ns1/nonexistent.key 2> nsupdate.out < /dev/null
$NSUPDATE -4 -p ${PORT} -l -k ns1/nonexistent.key 2> nsupdate.out < /dev/null && ret=1
grep ns1/nonexistent.key nsupdate.out > /dev/null || ret=1
if test $ret -ne 0
then
@ -629,7 +631,7 @@ fi
n=$((n + 1))
ret=0
echo_i "check that 'update-policy tcp-self' refuses update of records via UDP ($n)"
$NSUPDATE > nsupdate.out.$n 2>&1 << END
$NSUPDATE > nsupdate.out.$n 2>&1 << END && ret=1
server 10.53.0.6 ${PORT}
local 127.0.0.1
update add 1.0.0.127.in-addr.arpa. 600 PTR localhost.
@ -667,7 +669,7 @@ fi
n=$((n + 1))
ret=0
echo_i "check that 'update-policy tcp-self' refuses update of records for a different address from the client's own address via TCP ($n)"
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END && ret=1
server 10.53.0.6 ${PORT}
local 127.0.0.1
update add 1.0.168.192.in-addr.arpa. 600 PTR localhost.
@ -821,13 +823,13 @@ echo_i "check command list ($n)"
(
while read cmd
do
echo "$cmd" | $NSUPDATE > /dev/null 2>&1
if test $? -gt 1 ; then
{ echo "$cmd" | $NSUPDATE > /dev/null 2>&1; rc=$?; } || true
if test $rc -gt 1 ; then
echo_i "failed ($cmd)"
ret=1
fi
echo "$cmd " | $NSUPDATE > /dev/null 2>&1
if test $? -gt 1 ; then
{ echo "$cmd " | $NSUPDATE > /dev/null 2>&1; rc=$?; } || true
if test $rc -gt 1 ; then
echo_i "failed ($cmd)"
ret=1
fi
@ -1037,23 +1039,23 @@ retry_quiet 20 check_size_lt_5000 || ret=1
n=$((n + 1))
echo_i "check check-names processing ($n)"
ret=0
$NSUPDATE << EOF > nsupdate.out1-$n 2>&1
$NSUPDATE << EOF > nsupdate.out1-$n 2>&1 && ret=1
update add # 0 in a 1.2.3.4
EOF
grep "bad owner" nsupdate.out1-$n > /dev/null || ret=1
$NSUPDATE << EOF > nsupdate.out2-$n 2>&1
$NSUPDATE << EOF > nsupdate.out2-$n 2>&1 || ret=1
check-names off
update add # 0 in a 1.2.3.4
EOF
grep "bad owner" nsupdate.out2-$n > /dev/null && ret=1
$NSUPDATE << EOF > nsupdate.out3-$n 2>&1
$NSUPDATE << EOF > nsupdate.out3-$n 2>&1 && ret=1
update add . 0 in mx 0 #
EOF
grep "bad name" nsupdate.out3-$n > /dev/null || ret=1
$NSUPDATE << EOF > nsupdate.out4-$n 2>&1
$NSUPDATE << EOF > nsupdate.out4-$n 2>&1 || ret=1
check-names off
update add . 0 in mx 0 #
EOF
@ -1115,7 +1117,7 @@ zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
@ -1134,7 +1136,7 @@ zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
@ -1153,7 +1155,7 @@ zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
@ -1172,7 +1174,7 @@ zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
@ -1191,7 +1193,7 @@ zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
@ -1477,7 +1479,7 @@ n=$((n + 1))
ret=0
echo_i "check that update is rejected if query is not allowed ($n)"
{
$NSUPDATE -d <<END
$NSUPDATE -d <<END && ret=1
local 10.53.0.2
server 10.53.0.1 ${PORT}
update add reject.other.nil 3600 IN TXT Whatever
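Review bot: In the command-list loop, `{ echo "$cmd" | $NSUPDATE > /dev/null 2>&1; rc=$?; } || true` is hard to read: the group always ends with the successful `rc=$?`, so `|| true` never runs and is there only to switch off `set -e` inside the braces. `rc=0; echo "$cmd" | $NSUPDATE > /dev/null 2>&1 || rc=$?` says the same thing directly; otherwise add a comment explaining the idiom. The check-names block would also benefit from a comment on each `$NSUPDATE << EOF` line stating whether a non-zero exit is expected, since `&& ret=1` and `|| ret=1` alternate there. The last hunk ends inside a here-document, so its enclosing `{` group is not fully visible.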


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
dig_with_opts() {


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
n=0
@ -27,107 +29,107 @@ getcookie() {
echo_i "checking that dig handles padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "; QUERY SIZE: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that dig added padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
nextpart ns2/named.stats | grep "EDNS padding option received" > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding is added for TCP responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding is added to valid cookie responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +cookie foo.example @10.53.0.2 > dig.out.testc
cookie=`getcookie dig.out.testc`
cookie=$(getcookie dig.out.testc)
$DIG $DIGOPTS +cookie=$cookie +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding must be requested (TCP) ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding must be requested (valid cookie) ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +cookie=$cookie foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding can be filtered out ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +padding=128 -b 10.53.0.8 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that a TCP and padding server config enables padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
opad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
$DIG $DIGOPTS foo.example @10.53.0.3 > dig.out.test$n
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
if [ "$opad" -eq "$npad" ]; then echo_i "error: opad ($opad) == npad ($npad)"; ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that a padding server config should enforce TCP ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
opad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
$DIG $DIGOPTS foo.example @10.53.0.4 > dig.out.test$n
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}')
if [ "$opad" -ne "$npad" ]; then echo_i "error: opad ($opad) != npad ($npad)"; ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that zero-length padding option has no effect ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +ednsopt=12 foo.example @10.53.0.2 > dig.out.test$n.1
grep "; PAD" dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS +qr +ednsopt=12:00 foo.example @10.53.0.2 > dig.out.test$n.2
grep "; PAD" dig.out.test$n.2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
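Review bot: The two counter comparisons, `[ "$opad" -eq "$npad" ]` and `[ "$opad" -ne "$npad" ]`, pass silently when either value is empty. In that case `[` fails with a non-integer error, which the `if` treats as false and which `set -e` ignores inside a condition. Both values come from an `awk` match on the `nextpart` output, so if the "EDNS padding option received" line is missing from the dump, the two padding checks succeed without comparing anything. I would add a guard before each comparison, for example `if [ -z "$opad" ] || [ -z "$npad" ]; then echo_i "error: padding counter missing"; ret=1; fi`.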


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
# replace_data dname RR old_data new_data
@ -51,18 +53,18 @@ DIGOPTS_CD="$DIGOPTS +cd"
echo_i "Priming cache."
ret=0
expect="10 mail.example."
ans=`$DIG $DIGOPTS_CD @10.53.0.4 hostile MX` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 hostile MX) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking that bogus additional is not returned with +CD."
ret=0
expect="10.0.0.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example A` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with pending additional records. These should not be promoted
@ -71,36 +73,36 @@ status=`expr $status + $ret`
echo_i "Priming cache (pending additional A and AAAA)"
ret=0
expect="10 mail.example.com."
ans=`$DIG $DIGOPTS @10.53.0.4 example.com MX` || ret=1
ans=$($DIG $DIGOPTS @10.53.0.4 example.com MX) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending A"
ret=0
replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending AAAA"
ret=0
replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking updated data to be returned (without CD)"
ret=0
expect="192.0.2.3"
ans=`$DIG $DIGOPTS @10.53.0.4 mail.example.com A` || ret=1
ans=$($DIG $DIGOPTS @10.53.0.4 mail.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking updated data to be returned (with CD)"
ret=0
expect="2001:db8::3"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with a pending answer record. It can be returned (without
@ -109,23 +111,23 @@ status=`expr $status + $ret`
echo_i "Priming cache (pending answer)"
ret=0
expect="192.0.2.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending data"
ret=0
replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming cached pending data to be returned with CD"
ret=0
expect="192.0.2.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with a pending answer record. It should not be returned
@ -134,23 +136,23 @@ status=`expr $status + $ret`
echo_i "Priming cache (pending answer)"
ret=0
expect="192.0.2.102"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A` || ret=1
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending data"
ret=0
replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming updated data returned, not the cached one, without CD"
ret=0
expect="192.0.2.103"
ans=`$DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A` || ret=1
ans=$($DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Try to fool the resolver with an out-of-bailiwick CNAME
@ -158,20 +160,20 @@ status=`expr $status + $ret`
echo_i "Trying to Prime out-of-bailiwick pending answer with CD"
ret=0
expect="10.10.10.10"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 bad.example. A` || ret=1
ans=`echo $ans | awk '{print $NF}'`
ans=$($DIG $DIGOPTS_CD @10.53.0.4 bad.example. A) || ret=1
ans=$(echo $ans | awk '{print $NF}')
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD"
ret=0
expect="10.10.10.10"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 nice.good. A` || ret=1
ans=`echo $ans | awk '{print $NF}'`
ans=$($DIG $DIGOPTS_CD @10.53.0.4 nice.good. A) || ret=1
ans=$(echo $ans | awk '{print $NF}')
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Make sure the resolver doesn't cache bogus NXDOMAIN
@ -179,20 +181,20 @@ status=`expr $status + $ret`
echo_i "Trying to Prime bogus NXDOMAIN"
ret=0
expect="SERVFAIL"
ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1
ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'`
ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1
ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/')
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming the bogus NXDOMAIN was not cached"
ret=0
expect="SERVFAIL"
ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1
ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'`
ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1
ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/')
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
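Review bot: The four `ans=$(echo $ans | ...)` lines still expand `$ans` unquoted, so the resolver's response text is word-split and subject to pathname expansion in the test directory before `awk` or `sed` sees it. The splitting looks intentional, since it joins the output onto one line, but a `*` or `?` token in a response would be replaced by file names. The two status checks do not need the join if sed prints only the matching line: `ans=$(printf '%s\n' "$ans" | sed -n 's/^.*status: \([A-Z][A-Z]*\).*$/\1/p')`. The two `awk '{print $NF}'` lines could presumably take the last line explicitly, e.g. `ans=$(printf '%s\n' "$ans" | tail -n 1 | awk '{print $NF}')`.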


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
MDIGOPTS="-p ${PORT}"
@ -26,7 +28,7 @@ sort < output > output-sorted
diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
diff ref output > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check pipelined TCP queries using mdig"
ret=0
@ -38,7 +40,7 @@ sort < output.mdig > output-sorted.mdig
diff ref output-sorted.mdig || { ret=1 ; echo_i "diff sorted failed"; }
diff ref output.mdig > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check keep-response-order"
ret=0
@ -48,7 +50,7 @@ $PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1
awk '{ print $1 " " $5 }' < rawb > outputb
diff refb outputb || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check keep-response-order using mdig"
ret=0
@ -58,7 +60,7 @@ $MDIG $MDIGOPTS +noall +answer +vc -f inputb -b 10.53.0.7 @10.53.0.4 > rawb.mdig
awk '{ print $1 " " $5 }' < rawb.mdig > outputb.mdig
diff refb outputb.mdig || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check mdig -4 -6"
ret=0
@ -67,14 +69,14 @@ sleep 1
$MDIG $MDIGOPTS -4 -6 -f input @10.53.0.4 > output46.mdig 2>&1 && ret=1
grep "only one of -4 and -6 allowed" output46.mdig > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check mdig -4 with an IPv6 server address"
ret=0
$MDIG $MDIGOPTS -4 -f input @fd92:7065:b8e:ffff::2 > output4.mdig 2>&1 && ret=1
grep "address family not supported" output4.mdig > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -38,9 +40,9 @@ ns3_sends_aaaa_queries() {
# - if ns3 sends AAAA queries, the query count should equal $2,
# - if ns3 does not send AAAA queries, the query count should equal $3.
check_query_count() {
count1=`sed 's/[^0-9]//g;' $1`
count2=`sed 's/[^0-9]//g;' $2`
count=`expr $count1 + $count2`
count1=$(sed 's/[^0-9]//g;' $1)
count2=$(sed 's/[^0-9]//g;' $2)
count=$((count1 + count2))
#echo_i "count1=$count1 count2=$count2 count=$count"
expected_count_with_aaaa=$3
expected_count_without_aaaa=$4
@ -59,7 +61,7 @@ check_query_count() {
echo_i "set max-recursion-depth=12"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "1000" > ans2/ans.limit
@ -72,9 +74,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 27 14
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -88,11 +90,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 50 26
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=5"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -105,9 +107,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 13 7
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "5" > ans2/ans.limit
@ -121,11 +123,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 22 12
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=100, max-recursion-queries=50"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "13" > ans2/ans.limit
@ -139,12 +141,12 @@ if ns3_sends_aaaa_queries; then
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
eval count=`cat dig.out.2.test$n`
eval count=$(cat dig.out.2.test$n)
[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -153,14 +155,14 @@ $DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect6.example.org > dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
eval count=$(cat dig.out.2.test$n)
[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=100, max-recursion-queries=40"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "11" > ans2/ans.limit
@ -171,12 +173,12 @@ if ns3_sends_aaaa_queries; then
grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
eval count=$(cat dig.out.2.test$n)
[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "9" > ans2/ans.limit
@ -185,25 +187,25 @@ $DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect8.example.org > dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
eval count=$(cat dig.out.2.test$n)
[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempting NS explosion ($n)"
ret=0
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net > dig.out.1.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
eval count=$(cat dig.out.2.test$n)
[ $count -lt 50 ] || ret=1
$DIG $DIGOPTS +short @10.53.0.7 count txt > dig.out.3.test$n || ret=1
eval count=`cat dig.out.3.test$n`
eval count=$(cat dig.out.3.test$n)
[ $count -lt 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
#grep "duplicate query" ns3/named.run
echo_i "exit status: $status"
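Review bot: The `eval count=$(cat dig.out.2.test$n)` lines keep `eval` on text that came back from a DNS query, so whatever the TXT answer contains is re-parsed as shell code. The eval appears to be there only to strip the quotes around the TXT value, and `check_query_count` in this same file already extracts the number with `sed 's/[^0-9]//g;'`. Using the same form, `count=$(sed 's/[^0-9]//g;' dig.out.2.test$n)`, would remove the eval in all six places, including the `dig.out.3.test$n` one. An empty result should still trip the existing `[ $count -le 50 ] || ...` style checks, though that is worth confirming.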


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -26,9 +28,9 @@ do
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
@ -36,9 +38,9 @@ do
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
echo_i "checking A zone redirect works for nonexist ($n)"
@ -46,32 +48,32 @@ ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect updates statistics ($n)"
ret=0
rm ns2/named.stats 2>/dev/null
rm -f ns2/named.stats 2>/dev/null
$RNDCCMD 10.53.0.2 stats || ret=1
PRE=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats`
PRE=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats)
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
rm ns2/named.stats 2>/dev/null
rm -f ns2/named.stats 2>/dev/null
$RNDCCMD 10.53.0.2 stats || ret=1
POST=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats`
if [ `expr $POST - $PRE` != 1 ]; then ret=1; fi
n=`expr $n + 1`
POST=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats)
if [ $((POST - PRE)) != 1 ]; then ret=1; fi
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist ($n)"
ret=0
@ -79,27 +81,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss ($n)"
ret=0
@ -107,27 +109,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
@ -135,27 +137,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
@ -163,9 +165,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -173,9 +175,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.te
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -183,9 +185,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -194,27 +196,27 @@ grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for nonexist authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist authoritative ($n)"
ret=0
@ -222,27 +224,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
@ -250,27 +252,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
@ -278,27 +280,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -306,9 +308,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -316,9 +318,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.te
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -326,9 +328,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -337,17 +339,17 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking zone redirect works (with noerror) when qtype is not found ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that redirect zones reload correctly"
ret=0
@ -358,7 +360,7 @@ rndc_reload ns2 10.53.0.2
for i in 1 2 3 4 5 6 7 8 9; do
tmp=0
$DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || tmp=1
set -- `cat dig.out.ns1.test$n`
set -- $(cat dig.out.ns1.test$n)
[ $3 = 1 ] || tmp=1
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || tmp=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || tmp=1
@ -367,43 +369,43 @@ for i in 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $tmp -eq 1 ] && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect works for nonexist ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect works for nonexist ($n)"
ret=0
rm ns4/named.stats 2>/dev/null
rm -f ns4/named.stats 2>/dev/null
$RNDCCMD 10.53.0.4 stats || ret=1
PRE_RED=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats`
PRE_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats`
PRE_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats)
PRE_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats)
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect updates statistics ($n)"
ret=0
rm ns4/named.stats 2>/dev/null
rm -f ns4/named.stats 2>/dev/null
$RNDCCMD 10.53.0.4 stats || ret=1
POST_RED=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats`
POST_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats`
if [ `expr $POST_RED - $PRE_RED` != 1 ]; then ret=1; fi
if [ `expr $POST_SUC - $PRE_SUC` != 1 ]; then ret=1; fi
n=`expr $n + 1`
POST_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats)
POST_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats)
if [ $((POST_RED - PRE_RED)) != 1 ]; then ret=1; fi
if [ $((POST_SUC - PRE_SUC)) != 1 ]; then ret=1; fi
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for nonexist ($n)"
ret=0
@ -411,27 +413,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
@ -439,27 +441,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
@ -467,9 +469,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -477,9 +479,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.te
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -487,9 +489,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -498,50 +500,50 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking nxdomain-redirect works (with noerror) when qtype is not found ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking nxdomain-redirect against authoritative zone ($n)"
ret=0
$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking extended error is not set on allow-recursion ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "EDE" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=../conf.sh
. ../conf.sh
@ -948,7 +950,7 @@ dig_with_opts +timeout=15 large-referral.example.net @10.53.0.1 a > dig.out.ns1.
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
# Check the total number of findname() calls triggered by a single query
# for large-referral.example.net/A.
findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run)"
findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run || true)"
if [ "${findname_call_count}" -gt 1000 ]; then
echo_i "failed: ${findname_call_count} (> 1000) findname() calls detected for large-referral.example.net"
ret=1
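Review bot: The `|| true` added inside the `findname_call_count` substitution hides every grep failure, not only the exit status 1 that `grep -c` returns for zero matches. If `ns1/named.run` is missing or unreadable, the variable ends up empty, the `[ "${findname_call_count}" -gt 1000 ]` test errors out, and the `if` treats that as "limit not exceeded", so the bound on findname() calls would pass without having been checked. Accepting only status 1 still satisfies `set -e` and fails loudly otherwise: `findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run || [ $? -eq 1 ])"`. The `if` block continues past the end of the hunk.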


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
@ -205,7 +207,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that freezing static zones is not allowed ($n)"
ret=0
$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1
$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1 && ret=1
grep 'not dynamic' rndc.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -229,7 +231,7 @@ do
grep "addition 6" ns2/other.db > /dev/null && break
sleep 1
done
serial=`awk '$3 ~ /serial/ {print $1}' ns2/other.db`
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db)
newserial=$((serial + 1))
sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new
echo 'frozen TXT "frozen addition"' >> ns2/other.db.new
@ -272,7 +274,7 @@ do
grep "addition 6" ns2/nil.db > /dev/null && break
sleep 1
done
serial=`awk '$3 ~ /serial/ {print $1}' ns2/nil.db`
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db)
newserial=$((serial + 1))
sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new
echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new
@ -324,7 +326,7 @@ n=$((n+1))
echo_i "test 'rndc reload' on a zone with include files ($n)"
ret=0
grep "incl/IN: skipping load" ns2/named.run > /dev/null && ret=1
loads=`grep "incl/IN: starting load" ns2/named.run | wc -l`
loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
[ "$loads" -eq 1 ] || ret=1
$RNDCCMD 10.53.0.2 reload > /dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9
@ -340,7 +342,7 @@ $RNDCCMD 10.53.0.2 reload > /dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9
do
tmp=0
loads=`grep "incl/IN: starting load" ns2/named.run | wc -l`
loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
[ "$loads" -eq 2 ] || tmp=1
[ $tmp -eq 0 ] && break
sleep 1
@ -489,7 +491,7 @@ $RNDCCMD4 nta -l 1d nta2.example > rndc.out.2.test$n 2>&1
grep "Negative trust anchor added" rndc.out.2.test$n > /dev/null || ret=1
$RNDCCMD4 nta -l 1w nta3.example > rndc.out.3.test$n 2>&1
grep "Negative trust anchor added" rndc.out.3.test$n > /dev/null || ret=1
$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1
$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1 && ret=1
grep "NTA lifetime cannot exceed one week" rndc.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -504,7 +506,7 @@ $RNDCCMD4 nta -c any nta1.example > rndc.out.2.test$n 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1
$RNDCCMD4 nta -c ch nta1.example > rndc.out.3.test$n 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1
$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1
$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1 && ret=1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1
grep 'unknown class' rndc.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -516,8 +518,8 @@ do
echo_i "testing rndc buffer size limits (size=${i}) ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 > rndc.out.$i.test$n || ret=1
actual_size=`$GENCHECK rndc.out.$i.test$n`
if [ "$?" = "0" ]; then
{ actual_size=$($GENCHECK rndc.out.$i.test$n); rc=$?; } || true
if [ "$rc" = "0" ]; then
expected_size=$((i+1))
if [ $actual_size != $expected_size ]; then ret=1; fi
else
@ -680,7 +682,7 @@ n=$((n+1))
echo_i "check rndc nta reports adding to multiple views ($n)"
ret=0
$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
lines=`cat rndc.out.test$n | wc -l`
lines=$(cat rndc.out.test$n | wc -l)
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -691,7 +693,7 @@ ret=0
$RNDCCMD 10.53.0.2 retransfer nil > rndc.out.test$n 2>&1 && ret=1
grep "rndc: 'retransfer' failed: failure" rndc.out.test$n > /dev/null || ret=1
grep "retransfer: inappropriate zone type: primary" rndc.out.test$n > /dev/null || ret=1
lines=`cat rndc.out.test$n | wc -l`
lines=$(cat rndc.out.test$n | wc -l)
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
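Review bot: In the rndc buffer-size loop, `{ actual_size=$($GENCHECK rndc.out.$i.test$n); rc=$?; } || true` uses the `||` list only to suspend `set -e`, which is easy to misread. `rc=0` followed by `actual_size=$($GENCHECK rndc.out.$i.test$n) || rc=$?` records the same status more directly. The unchanged comparison below it, `[ $actual_size != $expected_size ]`, is unquoted, so an empty `actual_size` makes `[` fail with a usage error and the `if` skips `ret=1`; quoting both operands would turn that case into a reported failure. The loop starts and ends outside the hunk.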


@ -11,13 +11,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# leave as expr as expr treats arguments with leading 0's as base 10
# handle exit code 1 from expr when the result is 0
oldid=${1:-00000}
newid=$(expr \( ${oldid} + 1000 \) % 65536 || true)
newid=$(expr "0000${newid}" : '.*\(.....\)$') # prepend leading 0's
badid=$(expr \( ${oldid} + 7777 \) % 65536 || true)
badid=$(expr "0000${badid}" : '.*\(.....\)$') # prepend leading 0's
oldid=$(echo ${1:-0} | sed 's/^0*//')
newid=$(printf '%05u' $(((oldid + 1000) % 65536)))
badid=$(printf '%05u' $(((oldid + 7777) % 65536)))
oldid=$(printf '%05u' $((oldid + 0)))
. ../../conf.sh
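Review bot: The explanatory comment was dropped along with the `expr` calls, and the replacement does not say why the leading zeros are stripped before the arithmetic. A line such as `# strip leading zeros: $(( )) would parse a zero-padded id as octal` above the `sed` call would keep that reasoning for the next reader. `${1:-0}` is also unquoted in the `echo`, and nothing checks that the argument is all digits before it reaches `$(( ))`. Presumably the harness only ever passes a key id, so a guard like `case "$oldid" in *[!0-9]*) exit 1;; esac` would be hardening rather than a bug fix.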


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -21,7 +23,7 @@ rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
case $# in
1)
echo_i "$1 ($n)"
@ -36,260 +38,258 @@ newtest() {
newtest "get test ids"
$DIG $DIGOPTS . dnskey +short +rrcomm @10.53.0.1 > dig.out.ns1.test$n || ret=1
oldid=`sed -n 's/.*key id = //p' < dig.out.ns1.test$n`
oldid=`expr "0000${oldid}" : '.*\(.....\)$'`
newid=`expr \( ${oldid} + 1000 \) % 65536`
newid=`expr "0000${newid}" : '.*\(.....\)$'`
badid=`expr \( ${oldid} + 7777 \) % 65536`
badid=`expr "0000${badid}" : '.*\(.....\)$'`
oldid=$(sed -n 's/.*key id = //p' < dig.out.ns1.test$n)
newid=$(printf "%05u" $(((oldid + 1000) % 65536)))
badid=$(printf "%05u" $(((oldid + 7777) % 65536)))
oldid=$(printf "%05u" $((oldid + 0)))
echo_i "test id: oldid=${oldid} (configured)"
echo_i "test id: newid=${newid} (not configured)"
echo_i "test id: badid=${badid}"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check authoritative server (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.2 example SOA > dig.out.ns2.test$n
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check test zone resolves with 'root-key-sentinel yes;'" " (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 example SOA > dig.out.ns3.test$n
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta, CD=1 and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check test zone resolves with 'root-key-sentinel no;'" " (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 example SOA > dig.out.ns4.test$n
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
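Review bot: Three `$DIG` calls in this file have no `|| ret=1`: the `example SOA` queries to `@10.53.0.2`, `@10.53.0.3` and `@10.53.0.4`. With the `set -e` this commit adds at the top, a non-zero exit from dig there ends the script on the spot instead of recording a failed sub-test and reaching the final `exit status` line. Appending the guard as the neighbouring queries do, e.g. `$DIG $DIGOPTS @10.53.0.2 example SOA > dig.out.ns2.test$n || ret=1`, keeps the reporting uniform. Separately, `oldid` goes from the `sed` output straight into `$(( ))`, so if no `key id` line is matched the ids silently become 01000/07777/00000; a `[ -n "$oldid" ] || ret=1` directly after the `sed` line would surface that.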


@ -22,7 +22,7 @@ while getopts "Px" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $((OPTIND - 1))
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1


@ -11,7 +11,7 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
for QDIR in `echo "$PATH" | tr : ' '` ../../../../contrib/queryperf; do
for QDIR in $(echo "$PATH" | tr : ' ') ../../../../contrib/queryperf; do
QPERF=$QDIR/queryperf
if test -f "$QPERF" -a -x "$QPERF"; then
echo $QPERF


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# test response policy zones (RPZ)
# touch dnsrps-off to not test with DNSRPS
@ -47,7 +49,7 @@ while getopts "xS:" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $((OPTIND - 1))
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1
@ -82,30 +84,28 @@ digcmd () {
# Default to +noauth and @$ns3
# Also default to -bX where X is the @value so that OS X will choose
# the right IP source address.
digcmd_args=`echo "+nocookie +noadd +time=2 +tries=1 -p ${PORT} $*" | \
digcmd_args=$(echo "+nocookie +noadd +time=2 +tries=1 -p ${PORT} $*" | \
sed -e "/@/!s/.*/& @$ns3/" \
-e '/-b/!s/@\([^ ]*\)/@\1 -b\1/' \
-e '/+n?o?auth/!s/.*/+noauth &/'`
-e '/+n?o?auth/!s/.*/+noauth &/')
#echo_i "dig $digcmd_args 1>&2
$DIG $digcmd_args
$DIG $digcmd_args || return
}
# set DIGNM=file name for dig output
GROUP_NM=
TEST_NUM=0
make_dignm () {
TEST_NUM=`expr $TEST_NUM : '\([0-9]*\).*'` # trim '+' characters
TEST_NUM=`expr $TEST_NUM + 1`
TEST_NUM=$((TEST_NUM + 1))
DIGNM=dig.out$GROUP_NM-$TEST_NUM
while test -f $DIGNM; do
TEST_NUM="$TEST_NUM+"
DIGNM=dig.out$GROUP_NM-$TEST_NUM
DIGNM="$DIGNM+"
done
}
setret () {
ret=1
status=`expr $status + 1`
status=$((status + 1))
echo_i "$*"
}
@ -113,15 +113,15 @@ setret () {
# $1=domain
# $2=DNS server and client IP address
get_sn() {
SOA=`$DIG -p ${PORT} +short +norecurse soa "$1" "@$2" "-b$2"`
SN=`expr "$SOA" : '[^ ]* [^ ]* \([^ ]*\) .*'`
SOA=$($DIG -p ${PORT} +short +norecurse soa "$1" "@$2" "-b$2")
SN=$(expr "$SOA" : '[^ ]* [^ ]* \([^ ]*\) .*' || true)
test "$SN" != "" && return
echo_i "no serial number from \`dig -p ${PORT} soa $1 @$2\` in \"$SOA\""
exit 1
}
get_sn_fast () {
RSN=`$DNSRPSCMD -n "$1"`
RSN=$($DNSRPSCMD -n "$1")
#echo "dnsrps serial for $1 is $RSN"
if test -z "$RSN"; then
echo_i "dnsrps failed to get SOA serial number for $1"
@ -132,9 +132,9 @@ get_sn_fast () {
# check that dnsrpzd has loaded its zones
# $1=domain
# $2=DNS server IP address
FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf`
FZONES=$(sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf)
dnsrps_loaded() {
test "$mode" = dnsrps || return
test "$mode" = dnsrps || return 0
n=0
for V in $FZONES; do
eval "$V"
@ -145,7 +145,7 @@ dnsrps_loaded() {
#echo "$Z @$M serial=$SN"
break
fi
n=`expr $n + 1`
n=$((n + 1))
if test "$n" -gt $TEN_SECS; then
echo_i "dnsrps serial for $Z is $RSN instead of $SN"
exit 1
@ -170,7 +170,7 @@ ck_soa() {
get_sn "$2" "$3"
test "$SN" -eq "$1" && return
fi
n=`expr $n + 1`
n=$((n + 1))
if test "$n" -gt $TEN_SECS; then
echo_i "got serial number \"$SN\" instead of \"$1\" from $2 @$3"
return
@ -204,7 +204,7 @@ restart () {
$RNDCCMD $ns$1 halt >/dev/null 2>&1
if test -f ns$1/named.pid; then
sleep 1
PID=`cat ns$1/named.pid 2>/dev/null`
PID=$(cat ns$1/named.pid 2>/dev/null)
if test -n "$PID"; then
echo_i "killing ns$1 server $PID"
kill -9 $PID
@ -228,7 +228,7 @@ restart () {
# $1=server and irrelevant args
# $2=error message
ckalive () {
CKALIVE_NS=`expr "$1" : '.*@ns\([1-9]\).*'`
CKALIVE_NS=$(expr "$1" : '.*@ns\([1-9]\).*' || true)
if test -z "$CKALIVE_NS"; then
CKALIVE_NS=3
fi
@ -238,7 +238,7 @@ ckalive () {
setret "$2"
# restart the server to avoid stalling waiting for it to stop
restart $CKALIVE_NS "rebuild-bl-rpz"
return 1
return 0
}
resetstats () {
@ -252,10 +252,12 @@ ckstats () {
NSDIR="$3"
EXPECTED="$4"
$RNDCCMD $HOST stats
NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
$NSDIR/named.stats | tail -1`
eval "OLD_CNT=0\$${NSDIR}_CNT"
GOT=`expr $NEW_CNT - $OLD_CNT`
NEW_CNT=$(sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
$NSDIR/named.stats | tail -1)
eval "OLD_CNT=\$${NSDIR}_CNT"
NEW_CNT=$((NEW_CNT))
OLD_CNT=$((OLD_CNT))
GOT=$((NEW_CNT - OLD_CNT))
if test "$GOT" -ne "$EXPECTED"; then
setret "wrong $LABEL $NSDIR statistics of $GOT instead of $EXPECTED"
fi
@ -269,10 +271,12 @@ ckstatsrange () {
MIN="$4"
MAX="$5"
$RNDCCMD $HOST stats
NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
$NSDIR/named.stats | tail -1`
eval "OLD_CNT=0\$${NSDIR}_CNT"
GOT=`expr $NEW_CNT - $OLD_CNT`
NEW_CNT=$(sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
$NSDIR/named.stats | tail -1)
eval "OLD_CNT=\$${NSDIR}_CNT"
NEW_CNT=$((NEW_CNT))
OLD_CNT=$((OLD_CNT))
GOT=$((NEW_CNT - OLD_CNT))
if test "$GOT" -lt "$MIN" -o "$GOT" -gt "$MAX"; then
setret "wrong $LABEL $NSDIR statistics of $GOT instead of ${MIN}..${MAX}"
fi
@ -283,7 +287,7 @@ ckstatsrange () {
# $2=optional test file name
start_group () {
ret=0
t=`expr $t + 1`
t=$((t + 1))
test -n "$1" && date "+${TS}checking $1 (${t})" | cat_i
TEST_FILE=$2
if test -n "$TEST_FILE"; then
@ -382,8 +386,8 @@ addr () {
make_dignm
digcmd $2 >$DIGNM
#ckalive "$2" "server crashed by 'dig $2'" || return 1
ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\}[ ]*\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM`
ADDR_ESC=$(echo "$ADDR" | sed -e 's/\./\\./g')
ADDR_TTL=$(sed -n -e "s/^[-.a-z0-9]\{1,\}[ ]*\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM)
if test -z "$ADDR_TTL"; then
setret "'dig $2' wrong; no address $ADDR record in $DIGNM"
return 1
@ -426,7 +430,7 @@ here () {
DROPPED='^;; no servers could be reached'
drop () {
make_dignm
digcmd $* >$DIGNM
digcmd $* >$DIGNM || true
if grep "$DROPPED" $DIGNM >/dev/null; then
clean_result ${DIGNM}*
return 0
@ -467,6 +471,8 @@ make_proto_nodata() {
# ensure that the fast-expire zone is populated before we begin testing
$RNDCCMD $ns3 retransfer fast-expire
native=0
dnsrps=0
for mode in native dnsrps; do
status=0
case ${mode} in
@ -739,7 +745,7 @@ EOF
ckstats $ns3 bugs ns3 8
# superficial test for major performance bugs
QPERF=`sh qperf.sh`
QPERF=$(sh qperf.sh)
if test -n "$QPERF"; then
perf () {
date "+${TS}checking performance $1" | cat_i
@ -751,8 +757,8 @@ EOF
PFILE="ns5/$2.perf"
$QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p ${PORT} >$PFILE
comment "after test $1"
X=`sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \
| tr '\n' ' '`
X=$(sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \
| tr '\n' ' ')
if test "$X" != "$3"; then
setret "wrong results '$X' in $PFILE"
fi
@ -764,14 +770,14 @@ EOF
# get qps with rpz
perf 'with RPZ' rpz 'NOERROR:2900 NXDOMAIN:100 '
RPZ=`trim rpz`
RPZ=$(trim rpz)
# turn off rpz and measure qps again
echo "# RPZ off" >ns5/rpz-switch
RNDCCMD_OUT=`$RNDCCMD $ns5 reload`
RNDCCMD_OUT=$($RNDCCMD $ns5 reload)
perf 'without RPZ' norpz 'NOERROR:3000 '
NORPZ=`trim norpz`
NORPZ=$(trim norpz)
PERCENT=`expr \( "$RPZ" \* 100 + \( $NORPZ / 2 \) \) / $NORPZ`
PERCENT=$(( (RPZ * 100 + (NORPZ / 2)) / NORPZ))
echo_i "$RPZ qps with RPZ is $PERCENT% of $NORPZ qps without RPZ"
MIN_PERCENT=30
@ -791,17 +797,17 @@ EOF
if [ "$mode" = dnsrps ]; then
echo_i "checking that dnsrpzd is automatically restarted"
OLD_PID=`cat dnsrpzd.pid`
OLD_PID=$(cat dnsrpzd.pid)
kill "$OLD_PID"
n=0
while true; do
NEW_PID=`cat dnsrpzd.pid 2>/dev/null`
NEW_PID=$(cat dnsrpzd.pid 2>/dev/null)
if test -n "$NEW_PID" -a "0$OLD_PID" -ne "0$NEW_PID"; then
#echo "OLD_PID=$OLD_PID NEW_PID=$NEW_PID"
break;
fi
$DIG -p ${PORT} +short +norecurse a0-1.tld2 @$ns3 >/dev/null
n=`expr $n + 1`
n=$((n + 1))
if test "$n" -gt $TEN_SECS; then
setret "dnsrpzd did not restart"
break
@ -823,13 +829,13 @@ EOF
if test -z "$HAVE_CORE"; then
stop_server --use-rndc --port ${CONTROLPORT} ns3
restart 3 "rebuild-bl-rpz"
HAVE_CORE=`find ns* -name '*core*' -print`
HAVE_CORE=$(find ns* -name '*core*' -print)
test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
fi
# look for complaints from lib/dns/rpz.c and bin/name/query.c
for runfile in ns*/named.run; do
EMSGS=`nextpart $runfile | grep -E -l 'invalid rpz|rpz.*failed'`
EMSGS=$(nextpart $runfile | grep -E -l 'invalid rpz|rpz.*failed' || true)
if test -n "$EMSGS"; then
setret "error messages in $runfile starting with:"
grep -E 'invalid rpz|rpz.*failed' ns*/named.run | \
@ -839,7 +845,7 @@ EOF
if [ native = "$mode" ]; then
# restart the main test RPZ server with a bad zone.
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that ns3 with broken rpz does not crash (${t})"
stop_server --use-rndc --port ${CONTROLPORT} ns3
cp ns3/broken.db.in ns3/bl.db
@ -848,7 +854,7 @@ EOF
stop_server --use-rndc --port ${CONTROLPORT} ns3
restart 3 "rebuild-bl-rpz"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})"
sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp
copy_setports ns3/named.conf.tmp ns3/named.conf
@ -859,7 +865,7 @@ EOF
$RNDCCMD $ns3 reconfig || setret "failed"
# reload a RPZ zone that is now deliberately broken.
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz failed update will keep previous rpz rules (${t})"
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
@ -870,7 +876,7 @@ EOF
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking reload of a mixed-case RPZ zone (${t})"
# First, a sanity check: the A6-2.TLD2.mixed-case-rpz RPZ record should
# cause a6-2.tld2 NOERROR answers to be rewritten to NXDOMAIN answers.
@ -889,13 +895,13 @@ EOF
grep "status: NXDOMAIN" dig.out.$t.after >/dev/null || setret "failed"
fi
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
$DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.$t`
ttl=$(awk '/a3-2 tld2 text/ {print $2}' dig.out.$t)
if test ${ttl:=0} -eq 0; then setret "failed"; fi
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz updates/transfers with parent nodes added after children (${t})"
# regression test for RT #36272: the success condition
# is the secondary server not crashing.
@ -908,7 +914,7 @@ EOF
nsd $ns5 delete '*.example.com.policy1.' example.com.policy1.
done
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that going from an empty policy zone works (${t})"
nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2.
sleep 1
@ -916,20 +922,20 @@ EOF
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
grep NXDOMAIN dig.out.${t} > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that "add-soa no" at rpz zone level works (${t})"
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
grep SOA dig.out.${t} > /dev/null && setret "failed"
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that "add-soa yes" at response-policy level works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns3 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "reconfiguring server with 'add-soa no' (${t})"
cp ns3/named.conf ns3/named.conf.tmp
sed -e "s/add-soa yes/add-soa no/g" < ns3/named.conf.tmp > ns3/named.conf
@ -940,7 +946,7 @@ EOF
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that 'add-soa unset' works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns8 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
@ -949,12 +955,12 @@ EOF
# dnsrps does not allow NS RRs in policy zones, so this check
# with dnsrps results in no rewriting.
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz with delegation fails correctly (${t})"
$DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t
grep "status: SERVFAIL" dig.out.$t > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking policies from expired zone are no longer in effect ($t)"
$DIG -p ${PORT} @$ns3 a expired > dig.out.$t
grep "expired.*10.0.0.10" dig.out.$t > /dev/null && setret "failed"
@ -966,7 +972,7 @@ EOF
do
for type in AAAA A
do
t=`expr $t + 1`
t=$((t + 1))
case $label in
a-only)
echo_i "checking rpz 'CNAME *.' (NODATA) with dns64, $type lookup with A-only (${t})"
@ -984,12 +990,12 @@ EOF
grep "ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2$" dig.out.$t > /dev/null || ret=1
grep "^rpz" dig.out.$t > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
done
done
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that rewriting CD=1 queries handles pending data correctly (${t})"
$RNDCCMD $ns3 flush
$RNDCCMD $ns6 flush
@ -1009,6 +1015,6 @@ EOF
*) echo_i "invalid test mode";;
esac
done
status=`expr ${native:-0} + ${dnsrps:-0}`
status=$((native + dnsrps))
[ $status -eq 0 ] || exit 1
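Review bot: With `set -e` now active, the bare assignment `NEW_PID=$(cat dnsrpzd.pid 2>/dev/null)` in the dnsrpzd restart loop ends the script the first time `cat` fails, because an assignment-only command takes the exit status of its command substitution. The `2>/dev/null` suggests a missing pid file is expected there, so in that case the loop would never reach its `TEN_SECS` check and `setret "dnsrpzd did not restart"`. The same applies to `PID=$(cat ns$1/named.pid 2>/dev/null)` in `restart`, which runs a second after the `test -f` check. I would write them as `NEW_PID=$(cat dnsrpzd.pid 2>/dev/null) || true` and `PID=$(cat ns$1/named.pid 2>/dev/null) || true`, in line with the guards this commit already adds to the `expr` and `grep` substitutions.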


@ -27,7 +27,7 @@ while getopts "DNx" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $((OPTIND - 1))
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1
@ -59,16 +59,16 @@ do
while test $j -le $i
do
echo "name$j A 10.53.0.$i" >> ns2/db.max$i.local
j=`expr $j + 1`
j=$((j + 1))
done
i=`expr $i + 1`
i=$((i + 1))
done
# decide whether to test DNSRPS
$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG
test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
test -z "$(grep 'dnsrps-enable yes' dnsrps.conf)" && TEST_DNSRPS=
CWD=`pwd`
CWD=$(pwd)
cat <<EOF >dnsrpzd.conf
PID-FILE $CWD/dnsrpzd.pid;
@ -81,7 +81,7 @@ sed -n -e 's/^ *//' -e "/zone.*.*primary/s@file \"@&$CWD/ns2/@p" ns2/*.conf \
# Run dnsrpzd to get the license and prime the static policy zones
if test -n "$TEST_DNSRPS"; then
DNSRPZD="`../rpz/dnsrps -p`"
DNSRPZD="$(../rpz/dnsrps -p)"
"$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \
-w 0 -dddd -L stdout >./dnsrpzd.run 2>&1
fi


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# touch dnsrps-off to not test with DNSRPS
# touch dnsrps-only to not test with classic RPZ
@ -31,7 +33,7 @@ while getopts "xS:" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $((OPTIND - 1))
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1
@ -61,7 +63,7 @@ run_query() {
TESTNAME=$1
LINE=$2
NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1`
NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1)
$DIG $DIGOPTS $NAME a @10.53.0.2 -p ${PORT} -b 127.0.0.1 > dig.out.${t}
grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 && return 1
return 0
@ -73,8 +75,8 @@ expect_norecurse() {
TESTNAME=$1
LINE=$2
NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1`
t=`expr $t + 1`
NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1)
t=$((t + 1))
echo_i "testing $NAME doesn't recurse (${t})"
add_test_marker 10.53.0.2
run_query $TESTNAME $LINE || {
@ -89,14 +91,15 @@ expect_recurse() {
TESTNAME=$1
LINE=$2
NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1`
t=`expr $t + 1`
NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1)
t=$((t + 1))
echo_i "testing $NAME recurses (${t})"
add_test_marker 10.53.0.2
run_query $TESTNAME $LINE && {
echo_i "test ${t} failed"
status=1
}
return 0
}
add_test_marker() {
@ -106,6 +109,8 @@ add_test_marker() {
done
}
native=0
dnsrps=0
for mode in native dnsrps; do
status=0
case $mode in
@ -144,7 +149,7 @@ for mode in native dnsrps; do
# show whether and why DNSRPS is enabled or disabled
sed -n 's/^## //p' dnsrps.conf | cat_i
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing that l1.l0 exists without RPZ (${t})"
add_test_marker 10.53.0.2
$DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t}
@ -153,7 +158,7 @@ for mode in native dnsrps; do
status=1
}
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})"
add_test_marker 10.53.0.2
$DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t}
@ -211,17 +216,16 @@ for mode in native dnsrps; do
for n in $testlist; do
run_server 4$n
ni=$1
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing that ${ni} of 33 queries skip recursion (${t})"
add_test_marker 10.53.0.2
c=0
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
do
run_query 4$n $i
c=`expr $c + $?`
run_query 4$n $i || c=$((c + 1))
done
skipped=`expr 33 - $c`
skipped=$((33 - c))
if [ $skipped != $ni ]; then
echo_i "test $t failed (actual=$skipped, expected=$ni)"
status=1
@ -242,21 +246,21 @@ for mode in native dnsrps; do
echo_i "check recursive behavior consistency during policy update races"
run_server 6a
sleep 1
t=`expr $t + 1`
t=$((t + 1))
echo_i "running dig to cache CNAME record (${t})"
add_test_marker 10.53.0.1 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t}
sleep 1
echo_i "suspending authority server"
PID=`cat ns1/named.pid`
PID=$(cat ns1/named.pid)
kill -STOP $PID
echo_i "adding an NSDNAME policy"
cp ns2/db.6a.00.policy.local ns2/saved.policy.local
cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true
sleep 1
t=`expr $t + 1`
t=$((t + 1))
echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})"
add_test_marker 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} &
@ -264,10 +268,10 @@ for mode in native dnsrps; do
echo_i "removing the NSDNAME policy"
cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true
sleep 1
echo_i "resuming authority server"
PID=`cat ns1/named.pid`
PID=$(cat ns1/named.pid)
kill -CONT $PID
add_test_marker 10.53.0.1
for n in 1 2 3 4 5 6 7 8 9
@ -285,20 +289,20 @@ for mode in native dnsrps; do
cp ns2/saved.policy.local ns2/db.6a.00.policy.local
run_server 6a
sleep 1
t=`expr $t + 1`
t=$((t + 1))
echo_i "running dig to cache CNAME record (${t})"
add_test_marker 10.53.0.1 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t}
sleep 1
echo_i "suspending authority server"
PID=`cat ns1/named.pid`
PID=$(cat ns1/named.pid)
kill -STOP $PID
echo_i "adding an NSDNAME policy"
cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true
sleep 1
t=`expr $t + 1`
t=$((t + 1))
echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})"
add_test_marker 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} &
@ -306,10 +310,10 @@ for mode in native dnsrps; do
echo_i "removing the policy zone"
cp ns2/named.default.conf ns2/named.conf
rndc_reconfig ns2 10.53.0.2
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true
sleep 1
echo_i "resuming authority server"
PID=`cat ns1/named.pid`
PID=$(cat ns1/named.pid)
kill -CONT $PID
add_test_marker 10.53.0.1
for n in 1 2 3 4 5 6 7 8 9; do
@ -323,7 +327,7 @@ for mode in native dnsrps; do
}
# Check maximum number of RPZ zones (64)
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing maximum number of RPZ zones (${t})"
add_test_marker 10.53.0.2
run_server max
@ -335,11 +339,11 @@ for mode in native dnsrps; do
echo_i "test $t failed: didn't get expected answer from policy zone $i"
status=1
}
i=`expr $i + 1`
i=$((i + 1))
done
# Check CLIENT-IP behavior
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing CLIENT-IP behavior (${t})"
add_test_marker 10.53.0.2
run_server clientip
@ -354,7 +358,7 @@ for mode in native dnsrps; do
}
# Check CLIENT-IP behavior #2
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing CLIENT-IP behavior #2 (${t})"
add_test_marker 10.53.0.2
run_server clientip2
@ -384,11 +388,11 @@ for mode in native dnsrps; do
}
# Check RPZ log clause
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing RPZ log clause (${t})"
add_test_marker 10.53.0.2
run_server log
cur=`awk 'BEGIN {l=0} /^/ {l++} END { print l }' ns2/named.run`
cur=$(awk 'BEGIN {l=0} /^/ {l++} END { print l }' ns2/named.run)
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t}
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >> dig.out.${t}
$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >> dig.out.${t}
@ -407,7 +411,7 @@ for mode in native dnsrps; do
# Check wildcard behavior
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing wildcard behavior with 1 RPZ zone (${t})"
add_test_marker 10.53.0.2
run_server wildcard1
@ -422,7 +426,7 @@ for mode in native dnsrps; do
status=1
}
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing wildcard behavior with 2 RPZ zones (${t})"
add_test_marker 10.53.0.2
run_server wildcard2
@ -437,7 +441,7 @@ for mode in native dnsrps; do
status=1
}
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})"
add_test_marker 10.53.0.2
run_server wildcard3
@ -452,7 +456,7 @@ for mode in native dnsrps; do
status=1
}
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing wildcard passthru before explicit drop (${t})"
add_test_marker 10.53.0.2
run_server wildcard4
@ -469,7 +473,7 @@ for mode in native dnsrps; do
if [ "$mode" = "native" ]; then
# Check for invalid prefix length error
t=`expr $t + 1`
t=$((t + 1))
echo_i "testing for invalid prefix length error (${t})"
add_test_marker 10.53.0.2
run_server invalidprefixlength
@ -479,15 +483,15 @@ for mode in native dnsrps; do
}
fi
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)"
add_test_marker 10.53.0.2 10.53.0.3
echo_i "timing 'nsip-wait-recurse yes' (default)"
ret=0
t1=`$PERL -e 'print time()."\n";'`
t1=$($PERL -e 'print time()."\n";')
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t
t2=`$PERL -e 'print time()."\n";'`
p1=`expr $t2 - $t1`
t2=$($PERL -e 'print time()."\n";')
p1=$((t2 - t1))
echo_i "elapsed time $p1 seconds"
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
@ -497,15 +501,15 @@ for mode in native dnsrps; do
wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1
echo_i "timing 'nsip-wait-recurse no'"
t3=`$PERL -e 'print time()."\n";'`
t3=$($PERL -e 'print time()."\n";')
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t
t4=`$PERL -e 'print time()."\n";'`
p2=`expr $t4 - $t3`
t4=$($PERL -e 'print time()."\n";')
p2=$((t4 - t3))
echo_i "elapsed time $p2 seconds"
if test $p1 -le $p2; then ret=1; fi
if test $ret != 0; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
# restore original named.conf
@ -514,15 +518,15 @@ for mode in native dnsrps; do
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null
wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)"
add_test_marker 10.53.0.2 10.53.0.3
echo_i "timing 'nsdname-wait-recurse yes' (default)"
ret=0
t1=`$PERL -e 'print time()."\n";'`
t1=$($PERL -e 'print time()."\n";')
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t
t2=`$PERL -e 'print time()."\n";'`
p1=`expr $t2 - $t1`
t2=$($PERL -e 'print time()."\n";')
p1=$((t2 - t1))
echo_i "elapsed time $p1 seconds"
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
@ -532,15 +536,15 @@ for mode in native dnsrps; do
wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1
echo_i "timing 'nsdname-wait-recurse no'"
t3=`$PERL -e 'print time()."\n";'`
t3=$($PERL -e 'print time()."\n";')
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t
t4=`$PERL -e 'print time()."\n";'`
p2=`expr $t4 - $t3`
t4=$($PERL -e 'print time()."\n";')
p2=$((t4 - t3))
echo_i "elapsed time $p2 seconds"
if test $p1 -le $p2; then ret=1; fi
if test $ret != 0; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
[ $status -ne 0 ] && pf=fail || pf=pass
@ -554,6 +558,6 @@ for mode in native dnsrps; do
*) echo_i "invalid test mode";;
esac
done
status=`expr ${native:-0} + ${dnsrps:-0}`
status=$((native + dnsrps))
[ $status -eq 0 ] || exit 1
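Review bot: The four lines `test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true` swallow more than the missing-file case: a failed `cat`, or a `kill` that cannot signal the recorded pid, is also turned into success, and the test continues to `sleep 1` as if the signal had been delivered. An `if` keeps the "no pid file" case quiet while letting `set -e` catch the rest: `if test -f dnsrpzd.pid; then kill -USR1 "$(cat dnsrpzd.pid)"; fi`. The enclosing `for mode in native dnsrps` loop starts and ends outside these hunks.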


@ -11,25 +11,27 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "class list ($n)"
$RRCHECKER -C > classlist.out
diff classlist.out classlist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff classlist.out classlist.good || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "type list ($n)"
$RRCHECKER -T > typelist.out
diff typelist.out typelist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff typelist.out typelist.good || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "private type list ($n)"
$RRCHECKER -P > privatelist.out
diff privatelist.out privatelist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff privatelist.out privatelist.good || { echo_i "failed"; status=$((status + 1)); }
myecho() {
cat << EOF
@ -37,7 +39,7 @@ $*
EOF
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "check conversions to canonical format ($n)"
ret=0
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 0 > tempzone
@ -54,9 +56,9 @@ do
echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'"
}
done < checkzone.out$n
test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; }
test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "check conversions to and from unknown record format ($n)"
ret=0
$CHECKZONE -Dq . tempzone | sed '/^;/d' > checkzone.out$n
@ -77,7 +79,7 @@ do
echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'"
}
done < checkzone.out$n
test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; }
test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); }
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# test response rate limiting
. ../conf.sh
@ -32,7 +34,7 @@ while getopts "x" c; do
*) echo "$USAGE" 1>&2; exit 1;;
esac
done
shift `expr $OPTIND - 1 || true`
shift $((OPTIND - 1))
if test "$#" -ne 0; then
echo "$USAGE" 1>&2
exit 1
@ -52,9 +54,9 @@ setret () {
# The start of a second credits a rate limit.
# This would be far easier in C or by assuming a modern version of perl.
sec_start () {
START=`date`
START=$(date)
while true; do
NOW=`date`
NOW=$(date)
if test "$START" != "$NOW"; then
return
fi
@ -78,7 +80,7 @@ burst () {
CNT=$XCNT
DOMS=""
CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'`
CNTS=$($PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }')
for CNT in $CNTS
do
eval BURST_DOM="$BURST_DOM_BASE"
@ -96,7 +98,7 @@ burst () {
-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \
-e 's/response failed with timed out.*/drop/p' \
-e 's/;; communications error to.*/drop/p' >> $FILENAME &
QNUM=`expr $QNUM + $BURST_LIMIT`
QNUM=$((QNUM + BURST_LIMIT))
}
# compare integers $1 and $2; ensure the difference is no more than $3
@ -110,14 +112,14 @@ ck_result() {
# wait to the background mdig calls to complete.
wait
BAD=no
ADDRS=`grep -E "^$2$" mdig.out-$1 2>/dev/null | wc -l`
ADDRS=$(grep -E "^$2$" mdig.out-$1 2>/dev/null | wc -l)
# count simple truncated and truncated NXDOMAIN as TC
TC=`grep -E "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l`
DROP=`grep -E "^drop$" mdig.out-$1 2>/dev/null | wc -l`
TC=$(grep -E "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l)
DROP=$(grep -E "^drop$" mdig.out-$1 2>/dev/null | wc -l)
# count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN
NXDOMAIN=`grep -E "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l`
SERVFAIL=`grep -E "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l`
NOERROR=`grep -E "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l`
NXDOMAIN=$(grep -E "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l)
SERVFAIL=$(grep -E "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l)
NOERROR=$(grep -E "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l)
range $ADDRS "$3" 1 ||
setret "$ADDRS instead of $3 '$2' responses for $1" &&
@ -153,10 +155,10 @@ ckstats () {
LABEL="$1"; shift
TYPE="$1"; shift
EXPECTED="$1"; shift
C=`cat ns2/named.stats |
C=$(cat ns2/named.stats |
sed -n -e "s/[ ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p" |
tail -1`
C=`expr 0$C + 0`
tail -1)
C=$((C))
range "$C" $EXPECTED 1 ||
setret "wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
@ -280,7 +282,7 @@ sleep 2
grep "min-table-size 1" broken.out > /dev/null || setret "min-table-size 0 was not changed to 1"
if [ -f named.pid ]; then
kill `cat named.pid`
kill $(cat named.pid)
setret "named should not have started, but did"
fi
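Review bot: In the last hunk's `if [ -f named.pid ]` block, `kill $(cat named.pid)` now runs under `set -e`, so if the pid file is stale or the process has already exited, the script stops on the failed `kill` and never reaches `setret "named should not have started, but did"`. The run still ends non-zero, but without the message that explains why. Recording the failure first and making the cleanup best-effort keeps the diagnostic: `setret "named should not have started, but did"` followed by `kill "$(cat named.pid)" || true`.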


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short +nocookie"
@ -133,7 +135,7 @@ do
match=0
for j in $GOOD_RANDOM
do
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1"
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true"
if [ $match -eq 1 ]; then break; fi
done
if [ $match -eq 0 ]; then ret=1; fi
@ -242,7 +244,7 @@ do
match=0
for j in $GOOD_RANDOM
do
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1"
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true"
if [ $match -eq 1 ]; then break; fi
done
if [ $match -eq 0 ]; then ret=1; fi
@ -367,7 +369,7 @@ do
match=0
for j in $GOOD_RANDOM
do
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1"
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true"
if [ $match -eq 1 ]; then break; fi
done
if [ $match -eq 0 ]; then ret=1; fi
@ -480,7 +482,7 @@ do
match=0
for j in $GOOD_RANDOM
do
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1"
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true"
if [ $match -eq 1 ]; then break; fi
done
if [ $match -eq 0 ]; then ret=1; fi
@ -522,7 +524,7 @@ do
match=0
for j in $GOOD_RANDOM
do
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1"
eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true"
if [ $match -eq 1 ]; then break; fi
done
if [ $match -eq 0 ]; then ret=1; fi
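Review bot: The `eval` string in the five `for j in $GOOD_RANDOM` loops now carries the comparison, two assignments and the `|| true` guard, which hides the fact that only `match$j=1` needs `eval`. Moving the `diff` out of the string reads more directly and needs no guard under `set -e`: `if diff dig.out.random reference.dig.out.random.good$j >/dev/null; then eval "match$j=1"; match=1; fi`. The surrounding loops start and end outside the hunks shown.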


@ -19,7 +19,7 @@ zonefile=root.db
cp ../ns2/dsset-example.in dsset-example.
keyname=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone`
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
cat $infile $keyname.key > $zonefile


@ -20,7 +20,7 @@ outfile=example.db.bad
for i in Xexample.+008+51650.key Xexample.+008+51650.private \
Xexample.+008+52810.key Xexample.+008+52810.private
do
cp $i `echo $i | sed s/X/K/`
cp $i $(echo $i | sed s/X/K/)
done
$SIGNER -g -s 20000101000000 -e 20361231235959 -o $zone \


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -25,7 +27,7 @@ do
ret=0
$CHECKCONF $f > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for f in conf/bad*.conf
@ -34,14 +36,14 @@ do
ret=0
$CHECKCONF $f > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
echo_i "checking that RSA big exponent keys can't be loaded"
ret=0
grep "out of range" ns2/signer.err > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that RSA big exponent signature can't validate"
ret=0
@ -50,7 +52,7 @@ $DIG $DIGOPTS a.example @10.53.0.3 > dig.out.ns3 || ret=1
grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1
grep "status: SERVFAIL" dig.out.ns3 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,11 +11,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
set -e
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
NAMED_DEFAULT_ARGS="-m record -d 99 -g -U 4"
@ -225,8 +225,8 @@ n=$((n+1))
echo_i "verifying that named switches UID ($n)"
if [ "$(id -u)" -eq 0 ]; then
ret=0
TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX")
if [ "$?" -eq 0 ]; then
{ TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX"); rc=$?; } || true
if [ "$rc" -eq 0 ]; then
copy_setports ns2/named-alt9.conf.in "${TEMP_NAMED_DIR}/named-alt9.conf"
chown -R nobody: "${TEMP_NAMED_DIR}"
chmod 0700 "${TEMP_NAMED_DIR}"
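Review bot: The `{ TEMP_NAMED_DIR=$(mktemp -d ...); rc=$?; } || true` wrapper in the "verifying that named switches UID" hunk works under `set -e`, but it needs a brace group and an extra variable to do what a plain conditional already does. Testing the assignment directly is equally exempt from errexit and reads more simply: `if TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX"); then`. This branch runs as root and recursively chowns the new directory, so an obvious failure path is worth having. The `if` body continues outside the hunk.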


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
@ -597,7 +599,7 @@ status=$((status+ret))
# Keep track of time so we can access these RRset later, when we expect them
# to become ancient.
t1=`$PERL -e 'print time()'`
t1=$($PERL -e 'print time()')
n=$((n+1))
echo_i "verify prime cache statistics (low max-stale-ttl) ($n)"
@ -693,11 +695,11 @@ status=$((status+ret))
if [ $ret != 0 ]; then echo_i "failed"; fi
# Retrieve max-stale-ttl value.
interval_to_ancient=`grep 'max-stale-ttl' ns1/named3.conf.in | awk '{ print $2 }' | tr -d ';'`
interval_to_ancient=$(grep 'max-stale-ttl' ns1/named3.conf.in | awk '{ print $2 }' | tr -d ';')
# We add 2 seconds to it since this is the ttl value of the records being
# tested.
interval_to_ancient=$((interval_to_ancient + 2))
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
elapsed=$((t2 - t1))
# If elapsed time so far is less than max-stale-ttl + 2 seconds, then we sleep
@ -1134,7 +1136,7 @@ sleep 2
n=$((n+1))
echo_i "check notincache.example TXT times out (max-stale-ttl default) ($n)"
ret=0
$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 notfound.example TXT > dig.out.test$n 2>&1
$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 notfound.example TXT > dig.out.test$n 2>&1 && ret=1
grep "timed out" dig.out.test$n > /dev/null || ret=1
grep ";; no servers could be reached" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1373,11 +1375,11 @@ stop_server --use-rndc --port ${CONTROLPORT} ns4
# Load the cache as if it was five minutes (RBTDB_VIRTUAL) older. Since
# max-stale-ttl defaults to a week, we need to adjust the date by one week and
# five minutes.
LASTWEEK=`TZ=UTC perl -e 'my $now = time();
LASTWEEK=$(TZ=UTC perl -e 'my $now = time();
my $oneWeekAgo = $now - 604800;
my $fiveMinutesAgo = $oneWeekAgo - 300;
my ($s, $m, $h, $d, $mo, $y) = (localtime($fiveMinutesAgo))[0, 1, 2, 3, 4, 5];
printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);'`
printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);')
echo_i "mock the cache date to $LASTWEEK (serve-stale answers disabled) ($n)"
ret=0
@ -1610,10 +1612,10 @@ stop_server --use-rndc --port ${CONTROLPORT} ns5
# Load the cache as if it was five minutes (RBTDB_VIRTUAL) older.
cp ns5/named_dump.db.test$n ns5/named_dump.db
FIVEMINUTESAGO=`TZ=UTC perl -e 'my $now = time();
FIVEMINUTESAGO=$(TZ=UTC perl -e 'my $now = time();
my $fiveMinutesAgo = 300;
my ($s, $m, $h, $d, $mo, $y) = (localtime($fiveMinutesAgo))[0, 1, 2, 3, 4, 5];
printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);'`
printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);')
n=$((n+1))
echo_i "mock the cache date to $FIVEMINUTESAGO (serve-stale cache disabled) ($n)"
@ -1726,12 +1728,12 @@ sleep 2
nextpart ns3/named.run > /dev/null
echo_i "sending queries for tests $((n+1))-$((n+3))..."
t1=`$PERL -e 'print time()'`
t1=$($PERL -e 'print time()')
$DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 data.example TXT > dig.out.test$((n+1)) &
$DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 nodata.example TXT > dig.out.test$((n+2)) &
$DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 data.slow TXT > dig.out.test$((n+3)) &
wait
t2=`$PERL -e 'print time()'`
t2=$($PERL -e 'print time()')
# We configured a long value of 30 seconds for resolver-query-timeout.
# That should give us enough time to receive an stale answer from cache
@ -1782,7 +1784,7 @@ echo_i "sending queries for tests $((n+2))-$((n+4))..."
# the second RRSIG lookup triggers the issue in [GL #3622]
$DIG -p ${PORT} +tries=1 +timeout=10 @10.53.0.3 longttl.example TXT > dig.out.test$((n+3)) &
$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example RRSIG > dig.out.test$((n+4)) &
$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example TXT > dig.out.test$((n+2))
$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example TXT > dig.out.test$((n+2)) || true
# Enable the authoritative name server after stale-answer-client-timeout.
n=$((n+1))
@ -2402,7 +2404,7 @@ burst() {
num=${1}
rm -f burst.input.$$
while [ $num -gt 0 ]; do
num=`expr $num - 1`
num=$((num - 1))
echo "fetch${num}.example A" >> burst.input.$$
done
$PERL ../ditch.pl -p ${PORT} -s 10.53.0.3 burst.input.$$
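Review bot: In the `FIVEMINUTESAGO` assignment (the hunk after `stop_server ... ns5`), the Perl snippet sets `my $fiveMinutesAgo = 300;` and never uses `$now`, so `localtime()` receives epoch second 300 rather than a time five minutes before now. The comment above it says the cache should look five minutes older, and the parallel `LASTWEEK` snippet subtracts from `$now`, so this looks like it was meant to be `my $fiveMinutesAgo = $now - 300;`. The commit only converts the backticks here, so if the 1970 timestamp is intentional a comment saying so would help; otherwise the change should be checked against what the test expects to be loaded from the dump. Both snippets also call plain `perl` while the rest of the file uses `$PERL`.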


@ -11,11 +11,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
set -e
status=0
n=0


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd -p ${PORT}"


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
n=1
@ -37,9 +39,9 @@ grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1
grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
@ -21,68 +23,68 @@ n=0
for conf in conf/good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "trying an axfr that should be denied (NOTAUTH) ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example. @10.53.0.2 axfr > dig.out.ns2.test$n || ret=1
grep "; Transfer failed." dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt > dig.out.ns2.test$n \
|| ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n \
|| ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "allow-query ACL ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt -b 10.53.0.7 \
> dig.out.ns2.test$n || ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for static-stub zone data with recursion (should be found) ($n)"
ret=0
$DIG $DIGOPTS +tcp +noauth data.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
digcomp knowngood.dig.out.rec dig.out.ns2.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking authoritative NS is ignored for delegation ($n)"
ret=0
# the auth server returns a different (and incorrect) NS for .example.
@ -92,9 +94,9 @@ grep "ns4.example." dig.out.ns2.test1.$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp data2.example. @10.53.0.2 txt > dig.out.ns2.test2.$n || ret=1
grep "2nd test data" dig.out.ns2.test2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking queries for a child zone of the static-stub zone ($n)"
ret=0
# prime the delegation to a child zone of the static-stub zone
@ -118,9 +120,9 @@ copy_setports ns3/named.conf.in tmp
sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type primary; file "example.db.signed"; };/' tmp > ns3/named.conf
rndc_reload ns3 10.53.0.3
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking authoritative NS addresses are ignored for delegation ($n)"
ret=0
# the auth server returns a different (and incorrect) A/AAA RR for .example.
@ -135,29 +137,29 @@ rndc_reload ns2 10.53.0.2
$DIG $DIGOPTS +tcp data3.example. @10.53.0.2 txt > dig.out.ns2.test3.$n || ret=1
grep "3rd test data" dig.out.ns2.test3.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# the authoritative server of the query domain (example.com) is the apex
# name of the static-stub zone (example). in this case the static-stub
# configuration must be ignored and cached information must be used.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking NS of static-stub is ignored when referenced from other domain ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example.com. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example com data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# check server-names
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking static-stub with a server-name ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example org data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
# Note: for a short term workaround we use ::1, assuming it's configured and
# usable for our tests. We should eventually use the test ULA and available
# checks introduced in change 2916.
@ -168,31 +170,31 @@ then
$DIG $DIGOPTS +tcp data.example.info. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example info data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "SKIPPED: checking IPv6 static-stub address ($n)"
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for static-stub zone data with DNSSEC validation ($n)"
ret=0
$DIG $DIGOPTS +tcp +dnssec data4.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1
grep "4th test data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for a child of static-stub zone data with DNSSEC validation ($n)"
ret=0
$DIG $DIGOPTS +tcp +dnssec data3.sub.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1
grep "3rd sub test data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# reload with a different name server: existing zone shouldn't be reused.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking server reload with a different static-stub config ($n)"
ret=0
copy_setports ns2/named.conf.in tmp
@ -201,9 +203,9 @@ rndc_reload ns2 10.53.0.2
$DIG $DIGOPTS +tcp data2.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking static-stub of a undelegated tld resolves after DS query ($n)"
ret=0
$DIG $DIGOPTS undelegated. @10.53.0.2 ds > dig.out.ns2.ds.test$n
@ -211,7 +213,7 @@ $DIG $DIGOPTS undelegated. @10.53.0.2 soa > dig.out.ns2.soa.test$n
grep "status: NXDOMAIN" dig.out.ns2.ds.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns2.soa.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
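Review bot: With `set -e` now at the top of this script, commands that lack `|| ret=1` abort the whole run on failure instead of recording a failed sub-test. In the "undelegated tld resolves after DS query" check, `$DIG $DIGOPTS undelegated. @10.53.0.2 ds > dig.out.ns2.ds.test$n` and the matching `soa` query are unguarded, and the visible `rndc_reload` calls may behave the same way depending on how that helper reports errors. An abort there skips `echo_i "failed"` and the final `exit status:` line, which makes the failure harder to attribute. Appending `|| ret=1` to those two dig lines, as the other queries in the file do, keeps the reporting consistent.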


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGCMD="$DIG +tcp -p ${PORT}"
@ -21,6 +23,8 @@ status=0
ret=0
n=1
stats=0
nsock0nstat=0
nsock1nstat=0
rndc_stats() {
_ns=$1
_ip=$2
@ -36,35 +40,35 @@ rndc_stats() {
echo_i "fetching a.example from ns2's initial configuration ($n)"
$DIGCMD +noauth a.example. @10.53.0.2 any > dig.out.ns2.1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "dumping initial stats for ns2 ($n)"
rndc_stats ns2 10.53.0.2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying adb records in named.stats ($n)"
grep "ADB stats" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking for 1 entry in adb hash table in named.stats ($n)"
grep "1 Addresses in hash table" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying cache statistics in named.stats ($n)"
grep "Cache Statistics" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking for 2 entries in adb hash table in named.stats ($n)"
@ -72,20 +76,20 @@ $DIGCMD a.example.info. @10.53.0.2 any > /dev/null 2>&1
rndc_stats ns2 10.53.0.2 || ret=1
grep "2 Addresses in hash table" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "dumping initial stats for ns3 ($n)"
rndc_stats ns3 10.53.0.3 || ret=1
nsock0nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'`
[ 0 -ne ${nsock0nstat:-0} ] || ret=1
nsock0nstat=$(grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}')
[ 0 -ne ${nsock0nstat} ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "sending queries to ns3"
$DIGCMD +tries=2 +time=1 +recurse @10.53.0.3 foo.info. any > /dev/null 2>&1
$DIGCMD +tries=2 +time=1 +recurse @10.53.0.3 foo.info. any > /dev/null 2>&1 || true
ret=0
echo_i "dumping updated stats for ns3 ($n)"
@ -95,30 +99,30 @@ getstats() {
}
retry_quiet 5 getstats || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying recursing clients output in named.stats ($n)"
grep "2 recursing clients" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying active fetches output in named.stats ($n)"
grep "1 active fetches" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying active sockets output in named.stats ($n)"
nsock1nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'`
[ `expr ${nsock1nstat:-0} - ${nsock0nstat:-0}` -eq 1 ] || ret=1
nsock1nstat=$(grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}')
[ $((nsock1nstat - nsock0nstat)) -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# there should be 1 UDP and no TCP queries. As the TCP counter is zero
# no status line is emitted.
@ -127,22 +131,22 @@ echo_i "verifying queries in progress in named.stats ($n)"
grep "1 UDP queries in progress" $last_stats > /dev/null || ret=1
grep "TCP queries in progress" $last_stats > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying bucket size output ($n)"
grep "bucket size" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking priming queries are counted ($n)"
grep "priming queries" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking that zones with slash are properly shown in XML output ($n)"
@ -153,8 +157,8 @@ else
echo_i "skipping test as libxml2 and/or curl was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking that zones return their type ($n)"
@ -165,8 +169,8 @@ else
echo_i "skipping test as libxml2 and/or curl was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking bind9.xsl vs xml ($n)"
@ -223,8 +227,8 @@ else
echo_i "skipping test as libxml2 and/or curl with HTTP/1.1 support and/or xsltproc was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking bind9.xml socket statistics ($n)"
@ -247,8 +251,8 @@ else
echo_i "skipping test as libxml2 and/or stats.xml.out file and/or xsltproc was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "Check that 'zone-statistics full;' is processed by 'rndc reconfig' ($n)"
ret=0
@ -271,8 +275,8 @@ rndc_reconfig ns2 10.53.0.2
rndc_stats ns2 10.53.0.2 || ret=1
sed -n '/Per Zone Query Statistics/,/^++/p' $last_stats | grep -F '[example]' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
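Review bot: The `:-0` defaults were dropped from the socket-count checks, and the `nsock0nstat=0` / `nsock1nstat=0` initialisers that appear to be added near the top do not replace them. `nsock0nstat=$(grep ... | awk ...)` overwrites the variable with an empty string when grep matches nothing, so the unquoted `[ 0 -ne ${nsock0nstat} ]` becomes `[ 0 -ne ]` and sets `ret=1` only by way of a `test` syntax error on stderr. Keeping the default and quoting it states the intent: `[ 0 -ne "${nsock0nstat:-0}" ] || ret=1`. The later `$((nsock1nstat - nsock0nstat))` likewise depends on both values being a single integer.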


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
# shellcheck source=conf.sh
. ../conf.sh
@ -55,10 +57,9 @@ getzones() {
json) path='json/v1/zones' ;;
*) return 1 ;;
esac
file=`$PERL fetch.pl -p ${EXTRAPORT1} $path`
file=$($PERL fetch.pl -p ${EXTRAPORT1} $path)
cp $file $file.$1.$3
$PERL zones-${1}.pl $file $2 2>/dev/null | sort > zones.out.$3
result=$?
{ $PERL zones-${1}.pl $file $2 2>/dev/null | sort > zones.out.$3; result=$?; } || true
return $result
}
@ -78,34 +79,34 @@ echo_i "checking consistency between named.stats and xml/json ($n)"
rm -f ns2/named.stats
$DIGCMD +tcp example ns > dig.out.$n || ret=1
$RNDCCMD 10.53.0.2 stats 2>&1 | sed 's/^/I:ns1 /'
query_count=`awk '/QUERY/ {print $1}' ns2/named.stats`
txt_count=`awk '/TXT/ {print $1}' ns2/named.stats`
noerror_count=`awk '/NOERROR/ {print $1}' ns2/named.stats`
query_count=$(awk '/QUERY/ {print $1}' ns2/named.stats)
txt_count=$(awk '/TXT/ {print $1}' ns2/named.stats)
noerror_count=$(awk '/NOERROR/ {print $1}' ns2/named.stats)
if [ $PERL_XML ]; then
file=`$PERL fetch.pl -p ${EXTRAPORT1} xml/v3/server`
file=$($PERL fetch.pl -p ${EXTRAPORT1} xml/v3/server)
mv $file xml.stats
$PERL server-xml.pl > xml.fmtstats 2> /dev/null
xml_query_count=`awk '/opcode QUERY/ { print $NF }' xml.fmtstats`
xml_query_count=$(awk '/opcode QUERY/ { print $NF }' xml.fmtstats)
xml_query_count=${xml_query_count:-0}
[ "$query_count" -eq "$xml_query_count" ] || ret=1
xml_txt_count=`awk '/qtype TXT/ { print $NF }' xml.fmtstats`
xml_txt_count=$(awk '/qtype TXT/ { print $NF }' xml.fmtstats)
xml_txt_count=${xml_txt_count:-0}
[ "$txt_count" -eq "$xml_txt_count" ] || ret=1
xml_noerror_count=`awk '/rcode NOERROR/ { print $NF }' xml.fmtstats`
xml_noerror_count=$(awk '/rcode NOERROR/ { print $NF }' xml.fmtstats)
xml_noerror_count=${xml_noerror_count:-0}
[ "$noerror_count" -eq "$xml_noerror_count" ] || ret=1
fi
if [ $PERL_JSON ]; then
file=`$PERL fetch.pl -p ${EXTRAPORT1} json/v1/server`
file=$($PERL fetch.pl -p ${EXTRAPORT1} json/v1/server)
mv $file json.stats
$PERL server-json.pl > json.fmtstats 2> /dev/null
json_query_count=`awk '/opcode QUERY/ { print $NF }' json.fmtstats`
json_query_count=$(awk '/opcode QUERY/ { print $NF }' json.fmtstats)
json_query_count=${json_query_count:-0}
[ "$query_count" -eq "$json_query_count" ] || ret=1
json_txt_count=`awk '/qtype TXT/ { print $NF }' json.fmtstats`
json_txt_count=$(awk '/qtype TXT/ { print $NF }' json.fmtstats)
json_txt_count=${json_txt_count:-0}
[ "$txt_count" -eq "$json_txt_count" ] || ret=1
json_noerror_count=`awk '/rcode NOERROR/ { print $NF }' json.fmtstats`
json_noerror_count=$(awk '/rcode NOERROR/ { print $NF }' json.fmtstats)
json_noerror_count=${json_noerror_count:-0}
[ "$noerror_count" -eq "$json_noerror_count" ] || ret=1
fi
@ -116,7 +117,7 @@ n=$((n + 1))
ret=0
echo_i "checking malloced memory statistics xml/json ($n)"
if [ $PERL_XML ]; then
file=`$PERL fetch.pl -p ${EXTRAPORT1} xml/v3/mem`
file=$($PERL fetch.pl -p ${EXTRAPORT1} xml/v3/mem)
mv $file xml.mem
$PERL mem-xml.pl $file > xml.fmtmem
grep "'Malloced' => '[0-9][0-9]*'" xml.fmtmem > /dev/null || ret=1
@ -124,7 +125,7 @@ if [ $PERL_XML ]; then
grep "'maxmalloced' => '[0-9][0-9]*'" xml.fmtmem > /dev/null || ret=1
fi
if [ $PERL_JSON ]; then
file=`$PERL fetch.pl -p ${EXTRAPORT1} json/v1/mem`
file=$($PERL fetch.pl -p ${EXTRAPORT1} json/v1/mem)
mv $file json.mem
grep '"malloced":[0-9][0-9]*,' json.mem > /dev/null || ret=1
grep '"maxmalloced":[0-9][0-9]*,' json.mem > /dev/null || ret=1
@ -169,10 +170,10 @@ ret=0
echo_i "checking if compressed output is really compressed ($n)"
if $FEATURETEST --with-zlib;
then
REGSIZE=`cat regular.headers | \
grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/"`
COMPSIZE=`cat compressed.headers | \
grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/"`
REGSIZE=$(cat regular.headers | \
grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/")
COMPSIZE=$(cat compressed.headers | \
grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/")
if [ ! $((REGSIZE / COMPSIZE)) -gt 2 ]; then
ret=1
fi
@ -187,8 +188,8 @@ n=$((n + 1))
zone="dnssec"
sign_prefix="dnssec-sign operations"
refresh_prefix="dnssec-refresh operations"
ksk_id=`cat ns2/$zone.ksk.id`
zsk_id=`cat ns2/$zone.zsk.id`
ksk_id=$(cat ns2/$zone.ksk.id)
zsk_id=$(cat ns2/$zone.zsk.id)
# Test sign operations for scheduled resigning.
ret=0
@ -275,12 +276,12 @@ n=$((n + 1))
# Test sign operations for scheduled resigning (many keys).
ret=0
zone="manykeys"
ksk8_id=`cat ns2/$zone.ksk8.id`
zsk8_id=`cat ns2/$zone.zsk8.id`
ksk13_id=`cat ns2/$zone.ksk13.id`
zsk13_id=`cat ns2/$zone.zsk13.id`
ksk14_id=`cat ns2/$zone.ksk14.id`
zsk14_id=`cat ns2/$zone.zsk14.id`
ksk8_id=$(cat ns2/$zone.ksk8.id)
zsk8_id=$(cat ns2/$zone.zsk8.id)
ksk13_id=$(cat ns2/$zone.ksk13.id)
zsk13_id=$(cat ns2/$zone.zsk13.id)
ksk14_id=$(cat ns2/$zone.ksk14.id)
zsk14_id=$(cat ns2/$zone.zsk14.id)
# The dnssec zone has 10 RRsets to sign (including NSEC) with the ZSKs and one
# RRset (DNSKEY) with the KSKs. So starting named with signatures that expire
# almost right away, this should trigger 10 zsk and 1 ksk sign operations per
@ -395,7 +396,7 @@ EOF
lines=$(grep -c "^<statistics version" nc.out$n)
test "$lines" = 2 || ret=1
# keep-alive not needed in HTTP/1.1, second response has close
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n)
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n || true)
test "$lines" = 0 || ret=1
lines=$(grep -c "^Connection: close" nc.out$n)
test "$lines" = 1 || ret=1
@ -427,7 +428,7 @@ EOF
lines=$(grep -c "^<statistics version" nc.out$n)
test "$lines" = 2 || ret=1
# keep-alive not needed in HTTP/1.1, second response has close
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n)
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n || true)
test "$lines" = 0 || ret=1
lines=$(grep -c "^Connection: close" nc.out$n)
test "$lines" = 1 || ret=1
@ -452,7 +453,7 @@ EOF
lines=$(grep -c "^<statistics version" nc.out$n)
test "$lines" = 2 || ret=1
# first response has keep-alive, second has close
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n)
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n || true)
test "$lines" = 1 || ret=1
lines=$(grep -c "^Connection: close" nc.out$n)
test "$lines" = 1 || ret=1
@ -478,7 +479,7 @@ EOF
lines=$(grep -c "^<statistics version" nc.out$n)
test "$lines" = 1 || ret=1
# no keep-alive, one close
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n)
lines=$(grep -c "^Connection: Keep-Alive" nc.out$n || true)
test "$lines" = 0 || ret=1
lines=$(grep -c "^Connection: close" nc.out$n)
test "$lines" = 1 || ret=1
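Review bot: Only the `Keep-Alive` counts received `|| true`, but `grep -c` exits 1 whenever the count is 0. Under the new `set -e`, the neighbouring `lines=$(grep -c "^<statistics version" nc.out$n)` and `lines=$(grep -c "^Connection: close" nc.out$n)` assignments would therefore terminate the script when the pattern is missing, instead of letting `test "$lines" = ... || ret=1` report it (unless the enclosing block, which the hunks do not show, is itself in a tested context). The same guard applies to them, e.g. `lines=$(grep -c "^Connection: close" nc.out$n || true)`, in all four keep-alive hunks. Separately, in `getzones` the `result=$?` after `$PERL zones-${1}.pl ... | sort` is the exit status of `sort`, so a failing Perl script is not reflected in the return value; a comment noting that would help.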


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
@ -32,7 +34,7 @@ echo_i "waiting for background processes to finish"
wait
echo_i "killing reload loop"
kill `cat reload.pid`
kill $(cat reload.pid)
# If the test has run to completion without named crashing, it has succeeded.
# Otherwise, the crash will be detected by the test framework and the test will
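Review bot: With `set -e` added, `kill $(cat reload.pid)` now fails the test if the reload loop has already exited or `reload.pid` is missing, which is unrelated to the named crash this test is meant to detect. If that is not intended, `kill "$(cat reload.pid)" || true` with a short comment keeps the previous tolerance. If it is intended, a comment stating that a dead reload loop counts as a test failure would make that explicit. The trailing comment block continues outside the hunk.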


@ -11,6 +11,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
DIGOPTS="+tcp -p ${PORT}"
